Many things around us are not intended to be harmful, but have the potential to be dangerous. Take a plastic bag, for example. Although designed to contain things, it can become a suffocation hazard for young children.
This concept of potential danger can also be applied to legitimate and bootleg software programs categorized as riskware. While these programs are not designed to work like malware, they are vulnerable to exploitation by cybercriminals. Specifically, threat actors can use riskware to disrupt operations, hijack IT systems, and steal sensitive company information.
Let’s take a look at the dangers that riskware poses to your business.
How does riskware work?
Software programs require levels of system access so that they can function as designed. Video conferencing apps, for instance, require permissions to access the built-in camera and microphone on the user's device.
Other programs will have deeper system access so that they can provide more functionality to end users and grant diagnostic and repair capabilities to IT support staff. However, some functions are vulnerable to abuse by threat actors. The most common functions they take advantage of are:
- Access to the system kernel, i.e., the core component of an operating system
- Access to critical system operating areas, such as internet protocols (IPs) and the system registry
- Access to data-gathering components like the camera, microphone, and GPS
- Program modification for changing program settings or altering its code
How can riskware affect your business?
While the above special functions benefit users, they can pose security and legality risks such as:
Cybercriminals can use riskware as access points for stealing data or installing malware. A common type of riskware used for this purpose is the internet relay chat (IRC) client. IRC clients with dialer programs and instant messaging features are especially vulnerable since malicious actors can create backdoors and use the aforementioned features to deliver malware, such as ransomware.
Threat actors can take over and misuse programs such as remote access software. This type of program allows admins and IT technicians to peer into a user’s computer, then diagnose and fix technical issues. However, if that application is not tightly secured, a hacker can use it to hijack a user’s entire operating system (don’t worry, if it was installed by us, it is secured!).
This spells all sorts of trouble for your organization, as not only will the affected staff member become unproductive, but the hacker can also wreak havoc across your network.
Invasion of privacy
Black hat hackers can hijack a user’s camera, microphone, and GPS to watch and listen to the user and to keep track of their location and environment. These threat actors typically do this to commit corporate espionage, which is why Meta CEO Mark Zuckerberg covers his laptop’s webcam and mic jack with tape.
Illegal program modifications
How can you protect your business from riskware threats?
Since riskware is just software that’s mainly benign until used maliciously, looking for and guarding against riskware is difficult. Assess each program by asking these questions to find riskware more easily:
- Did my admins install this program?
If the answer is no, and the program did not come with your operating system, then you may have riskware that’s being used as a backdoor for installing apps without your permission. Even if the answer is yes, you must treat the software as suspicious if not all of its permissions were authorized by you or your admins.
- Are the permissions granted to this program valid?
A calculator app has no need to access your contacts, so if it does have that type of access, you must consider removing it from your system. Access to your camera, microphone, registry, and the like must be granted sparingly and judiciously. This must also be the case for admin-level permissions.
- Is this program still supported?
When an app loses support, it will no longer receive security patches. Cybercriminals will exploit unpatched software vulnerabilities and victimize those who are still using the app. Therefore, it’s best to always use a supported app and to apply patches as soon as they arrive.
- Does this program violate the terms of service for another program?
Many programs interact with one another, but those that bolster or deactivate the features of other software must be avoided.
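To show how the four questions above can be applied to a whole software inventory at once, here is an added example (not from the original article) that checks each program against an admin-approved policy. The program names, permission labels, dates, and record fields are all constructed for illustration.

```python
from datetime import date

# Constructed policy: what admins approved for each program, and until when
# the vendor supports it (None = no announced end of support).
APPROVED = {
    "videoconf":  {"permissions": {"camera", "microphone"}, "supported_until": None},
    "calculator": {"permissions": set(), "supported_until": None},
    "irc-client": {"permissions": {"network"}, "supported_until": date(2021, 6, 30)},
}
# Access the article says to grant sparingly.
SENSITIVE = {"kernel", "registry", "camera", "microphone", "gps", "contacts", "admin"}

def assess(program, today):
    """Return the list of checklist findings for one inventory record."""
    findings = []
    policy = APPROVED.get(program["name"])
    # Question 1: did admins install it (or did it ship with the OS)?
    if policy is None and not program.get("bundled_with_os", False):
        findings.append("not installed by admins")
    # Question 2: is every granted permission one that admins authorized?
    authorized = policy["permissions"] if policy else set()
    for perm in sorted(set(program.get("permissions", ())) - authorized):
        level = "sensitive" if perm in SENSITIVE else "other"
        findings.append(f"unauthorized {level} permission: {perm}")
    # Question 3: is it still supported (still receiving security patches)?
    until = policy["supported_until"] if policy else None
    if until is not None and until < today:
        findings.append(f"support ended {until.isoformat()}")
    # Question 4: does it bolster or deactivate features of other software?
    if program.get("modifies_other_software", False):
        findings.append("alters another program (check its terms of service)")
    return findings

def audit(inventory, today):
    """Map program name -> findings, keeping only programs that need review."""
    report = {p["name"]: assess(p, today) for p in inventory}
    return {name: found for name, found in report.items() if found}

# Constructed inventory, e.g. exported from an endpoint management tool.
INVENTORY = [
    {"name": "videoconf", "permissions": ["camera", "microphone"]},
    {"name": "calculator", "permissions": ["contacts"]},
    {"name": "irc-client", "permissions": ["network"]},
    {"name": "app-tweaker", "permissions": ["admin"], "modifies_other_software": True},
    {"name": "notepad", "permissions": [], "bundled_with_os": True},
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2024, 1, 1)).items():
        print(name, "->", "; ".join(findings))
```

Programs that pass all four questions are left out of the report, so the output is the review queue for your IT team.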
As you can see, keeping your organization safe from riskware requires a lot of time, effort, and expertise. Fortunately, you can save your IT team a lot of trouble by turning to Healthy IT. Our cybersecurity specialists can defend your business from riskware and all sorts of cyberthreats. To learn more, send us a message today.