
Why Remediation Alone Is Not Enough When Infected by Malware

A forensic analysis of two AhnLab servers has revealed that they were infected with various malware types before and during a breach in February 2022, but it did not identify how the infection started.

In the first case, we found that the server had been infected with malicious PowerShell scripts at some point. In the second case, a large amount of malware was detected on the system.

We believe this means that remediating known malware is not enough to protect against new infections. It is important to have an incident response plan in place before and during a breach, and to update IT infrastructure and policies post-incident to avoid future compromises.

In January 2022, AhnLab alerted customers to the fact that some of its systems had been breached. Although AhnLab was not specific about the systems involved, it did state that the breach did not affect its core systems.

AhnLab later disclosed in February 2022 that not only were some of its internal systems compromised, but that malware had also compromised legitimate Windows web servers running on AhnLab's network.

Forensic analysis of various compromised AhnLab servers reveals that they were infected with various malware types before and during a breach in February 2022, but it does not identify how the infection started or what specific vulnerability was exploited to bring about this compromise.

During the investigation, DOVADO disclosed that malware had also been found on two AhnLab servers as far back as January 2016 and October 2017 respectively. DOVADO was able to acquire these malware samples from AhnLab directly.

Source: Why Remediation Alone Is Not Enough When Infected by Malware - AlienVault - Open Threat Exchange
