RESPONSE TO RISKY EMPLOYEE BEHAVIOUR

We would like to share an example of a recent incident that underscores the critical importance of CYDEF’s security solution. This incident serves as a stark reminder of the ever-present threats in the digital landscape.

INCIDENT OVERVIEW

CYDEF recently detected an employee of one of our clients performing numerous risky behaviors on their workplace device. The activities included saving credentials in plaintext Notepad files, gambling, and downloading torrented media (movies). While security discussions often focus on critical incidents like ransomware, people underestimate the impact that compounding low-level incidents from poor employee behavior can have on an organization's security posture: "Death by a thousand cuts," as one of our threat hunters calls it. For example, when credentials are stored in plaintext in a Notepad file, a potential threat actor can use them to swiftly escalate their privileges on the machine and exacerbate the attack.

THREAT DETECTION AND ISOLATION

Using SMART-Monitor, we detected the activity through our regular investigation of the Notepad process, which commonly reveals these behaviors. The types of accounts we typically see are Microsoft accounts and Gmail accounts. Our analysts report these activities and recommend switching to a password manager instead. Passwords in Notepad files on an employee's desktop are the digital equivalent of sticky notes at the bottom of their monitor.
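One way a defender could triage Notepad launches for likely credential notes, shown as an added example that is not CYDEF's SMART-Monitor logic. It assumes process-creation telemetry that records the full command line; the event fields, filename hints and sample events are constructed for illustration.

```python
import ntpath
import re

# Splits a Windows command line into the image (quoted or bare) and the rest.
CMDLINE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))\s*(.*)$')
# Assumed filename hints for credential notes; tune these to your environment.
HINTS = re.compile(r"passw|pwd|login|credential|creds|secret", re.IGNORECASE)


def opened_file(command_line):
    """Return the file Notepad was asked to open, or None if not applicable."""
    m = CMDLINE.match(command_line)
    if not m:
        return None
    image = ntpath.basename(m.group(1) or m.group(2)).lower()
    if image not in ("notepad.exe", "notepad"):
        return None
    # Notepad treats the remainder of the command line as the file name.
    target = m.group(3).strip().strip('"')
    return target or None


def flag_notepad_events(events):
    """Return (host, user, path) for Notepad launches on credential-like files."""
    findings = []
    for ev in events:
        path = opened_file(ev["command_line"])
        if path and HINTS.search(ntpath.basename(path)):
            findings.append((ev["host"], ev["user"], path))
    return findings


# Constructed sample events (hypothetical hosts, users and paths).
SAMPLE_EVENTS = [
    {"host": "WS-014", "user": "alice",
     "command_line": r'"C:\Windows\System32\notepad.exe" C:\Users\alice\Desktop\passwords.txt'},
    {"host": "WS-014", "user": "alice",
     "command_line": r'notepad.exe "C:\Users\alice\Documents\meeting notes.txt"'},
    {"host": "WS-022", "user": "bob",
     "command_line": r'C:\Windows\notepad.exe "C:\Users\bob\Desktop\gmail login.txt"'},
    {"host": "WS-022", "user": "bob",
     "command_line": r'"C:\Program Files\App\tool.exe" C:\temp\passwords.txt'},
    {"host": "WS-030", "user": "carol", "command_line": "notepad.exe"},
]

if __name__ == "__main__":
    for host, user, path in flag_notepad_events(SAMPLE_EVENTS):
        print(f"{host} {user}: review possible plaintext credentials in {path}")
```

Filename matching only surfaces candidates for an analyst to review; a credential note saved under a generic name will not be flagged by this check.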

NOTEPAD FILE RISKS

Notepad files are unencrypted plain text documents, meaning anyone with access to your computer can easily read the passwords. Cybercriminals can effortlessly obtain all your stored credentials if your device is compromised by malware or stolen. Unlike password managers, Notepad files offer no additional security features: no encryption to scramble the text, no authentication required to view the contents, and no protection against unauthorized access or copying.

