The toolbar distributed by Chinese-language search engine Baidu is being targeted by opportunistic attackers and used to exfiltrate corporate secrets, says Rob Eggebrecht, president and CEO of security firm InteliSecure.
Baidu, like all major search engines, including Bing, Google, and Yahoo, distributes a toolbar that can be used to speed up search engines. But Eggebrecht says that multiple organizations have traced data breaches to an intrusion that began when outsiders used the Baidu toolbar to sneak data-stealing malware into their company. Without naming the company, he says that one recent victim was a U.S. pharmaceutical firm, where attackers compromised research and development work worth millions of dollars.
Eggebrecht’s firm believes that the attacks can be traced back to individuals associated with the Chinese government.
“Our take on it, not trying to directly pick on the Chinese, is that…when users hit certain links, attackers drop down…malware, or phone-home technology, that starts capturing information.”
Eggebrecht states that the toolbar-enabled data exfiltration comes at a time when his firm has witnessed a spike in attacks against corporate networks – and not just those targeting toolbars – by what appear to be attackers with ties to China. To date, hacking U.S. and Canadian organizations seems to trigger few, if any, penalties against either Chinese individuals or the government itself.
APT-style attacks – often beginning with a phishing email, and relying on targets to execute attachments and thus infect their systems with malware – are seen as the hallmark of corporate espionage. But attackers have never been averse to employing simpler options when available. Eggebrecht states:
Targeting the toolbar “was an opportunistic way for the Chinese government to capture information in a very nonchalant manner, because…they know they have a good expat user base in the research community” that is going to rely on a Chinese-language search engine.
All browser toolbars should be blocked by default, states Alan Woodward, a computer science visiting professor at the University of Surrey, and a cybersecurity adviser to Europol, the association of European police agencies.
“These so-called ‘helper’ add-ins, I mean, god knows what they’re doing. It’s a well-known attack vector.”
Ask your IT department whether toolbars are blocked through your security settings.