Certified Security Operations Center GmbH

23 August 2024

Security warning: Private use of a company computer

Despite the known risks, many people use their company computer privately, often out of convenience or because the guidelines are unclear. Working from home blurs the boundaries between work and leisure for some employees, which favours private use. In addition, many underestimate the risks to IT security or have no suitable alternatives, which encourages the spread of this practice despite the ban.

Using a company computer for private purposes harbours considerable risks and is prohibited for good reason. A company computer is specifically intended for professional activities and often contains sensitive, confidential data that is subject to strict protection. If used improperly, for example by downloading insecure files or visiting unsecured websites, malware and viruses can easily enter the company network. This not only jeopardises the company’s IT security, but can also have legal consequences for the user. In addition, the mixing of private and professional data can jeopardise the integrity and confidentiality of business information.

A recent incident that we registered with a customer shows that many people are not aware of the dangers. In today’s news article, we would therefore like to draw attention to the pitfalls of private use of company computers and explain the possible consequences for the private individual concerned and the company as a whole.

Description of the incident

In a security analysis carried out at a customer’s premises, alarming behaviour was discovered that indicated unauthorised access to unwanted content via a company computer. The misuse of the company computer led to unexpected behaviour on the Windows machine: commands that appeared to be maliciously obfuscated were being run by way of an extension for Mozilla’s ‘Firefox’ browser.

The investigation revealed that an extension for the Firefox browser, known as ‘Video DownloadHelper’, may have been misused to download potentially malicious content. This content included, as it turned out afterwards, pornographic videos that were launched via the Windows Media Player application.

What was particularly worrying was that the installation of the extension was not limited to the browser, but was also deeply integrated into the Windows system. During the investigation, it was found that the commands of this software were obfuscated by Base64 encoding, a common tactic used by malware to evade detection mechanisms. This type of behaviour indicates that the supposed browser extension was being used to exploit vulnerabilities in the system. Further analyses revealed numerous DNS requests to dubious websites, including spam portals, sex dating and webcam sites. Such activities on a company computer can not only have legal consequences, but also pose considerable risks to the entire company infrastructure.
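As an added illustration of how Base64-obfuscated commands like those described above can be surfaced during triage (this is not code from the incident or from the customer's environment), the following Python sketch scans process command lines for Base64 tokens and decodes those that hide readable text. The process names `helper.exe` and `updater.exe`, the sample command lines, the 24-character minimum and the 90 % readability threshold are all assumptions chosen for the example.

```python
import base64
import binascii
import re

# A run of 24+ Base64 characters (plus padding) standing alone in a command line.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{24,}={0,2}(?![A-Za-z0-9+/=])")

def decode_candidate(token):
    """Return the decoded text if token is valid Base64 hiding readable text, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None  # wrong length or padding: a path or identifier, not Base64
    # UTF-8 covers most tools; PowerShell's -EncodedCommand uses UTF-16LE.
    for encoding in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        readable = sum(32 <= ord(c) < 127 or c in "\r\n\t" for c in text)
        if text and readable / len(text) >= 0.9:
            return text
    return None

def find_encoded_commands(command_lines):
    """Return (line_index, decoded_text) for every command line carrying readable Base64."""
    hits = []
    for index, line in enumerate(command_lines):
        for token in B64_TOKEN.findall(line):
            decoded = decode_candidate(token)
            if decoded is not None:
                hits.append((index, decoded))
    return hits

# Constructed sample data (hypothetical process names, harmless commands encoded here).
HIDDEN_UTF8 = r'wmplayer.exe "C:\Users\Public\Videos\clip.mp4"'
HIDDEN_UTF16 = "Get-ChildItem C:\\Users\\Public"
SAMPLE_COMMAND_LINES = [
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc',
    "helper.exe --run " + base64.b64encode(HIDDEN_UTF8.encode("utf-8")).decode(),
    "powershell.exe -EncodedCommand "
    + base64.b64encode(HIDDEN_UTF16.encode("utf-16-le")).decode(),
    # 40 hex characters look like Base64 but decode to unreadable bytes: ignored.
    "updater.exe --verify 3f786850e387550fdab836ed7e6dc881de23001b",
]

if __name__ == "__main__":
    for index, decoded in find_encoded_commands(SAMPLE_COMMAND_LINES):
        print(f"line {index}: {decoded}")
```

Fed with command lines exported from process-creation logging, the decoded text shows an analyst what was actually executed; the readability check keeps hashes and long identifiers from flooding the results.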

Dangers

Malware and viruses: By accessing insecure websites, opening emails from private accounts or downloading software, there is an increased risk of malware, viruses or ransomware being introduced into the company network. Such attacks can compromise sensitive data and cause considerable financial damage.

Data loss: If employees store private data or use insecure software, this can lead to unintentional data loss.

Reputation and loss of trust: If private data or unauthorised software is stored on company computers, this could lead to breaches of data protection regulations. This can result in high fines and legal consequences.

Loss of productivity: Employees who use their working time for private activities can impair the company’s productivity.

Increased IT costs: Fixing problems can require additional IT support, which increases costs for the company. The resulting security measures that need to be implemented can also be expensive for a company.

Labour law consequences: The need to take disciplinary action against the employee can lead to legal disputes. Unauthorised use can result in a warning, which will also be noted in the personnel file. In the event of repeated offences or particularly serious cases, termination without notice may be justified. The employee may be held liable for the damage caused.

Risk of industrial espionage: Confidential business information can fall into the wrong hands through improper use.

Recommended measures

This incident emphasises the need to use company computers for business purposes only. In order to minimise similar risks in the future, companies should focus more on protective measures. These include the implementation of firewall rules that can prevent access to dubious websites and regular monitoring of data traffic.

Adblockers can help to block unwanted content in some cases, but whether to use them is a decision that should be made on an individual basis. It is much more important to develop robust security strategies that offer comprehensive protection. This case also shows that employee training is important and must take place regularly so that everyone is aware of the dangers.

Conclusion

The discovery of this security incident serves as a stern reminder that organisations must not neglect control of their IT infrastructure. The use of professional security solutions and the training of employees in the safe handling of work equipment are essential to minimise the risk of cyber attacks and data loss.
