October 22, 2018
How long has it been since you read about a breach that started with an employee unwittingly opening a malicious file in an email they thought was legitimate? It likely wasn’t long ago.
Phishing is on the rise, and cyber criminals use the elusive tactic to extort ransom from businesses, swipe medical data from healthcare organizations and steal money from the bank accounts of hopeful home buyers. Social engineering attacks, such as phishing and a more nuanced form of it called pretexting, represent 93% of the breaches the 2018 Verizon Data Breach Investigations Report (DBIR) examined.
As the DBIR also notes, phishing is very often the first step in a larger chain of events leading to a breach. Once a user clicks on a link or an attached file in an email, a malicious application can download, giving the intruder the access they were seeking. From there, thieves can work to gain control of sensitive information and access to corporate admin credentials. Unfortunately, this is a scenario we’ve seen played out time and again.
To help IT run needed diagnostics on their fleet of devices and stop a threat before it has a chance to gain any traction, Absolute has released new scripts for Reach, a powerful custom query and remediation feature that is part of the Absolute platform. With these important new tools, IT can effectively disable intrusive Windows processes or services, clear tampered host files on endpoints and restore them to a previous version, reset admin account passwords and modify admin shares to eradicate or, at a minimum, limit the effects.
Because Absolute Reach lets you ‘reach’ any device, you can still take action on devices that are off your network and outside the bounds of traditional tools. The full list of new Reach scripts is below.
| New Script Name | Description |
| --- | --- |
| Backup/Clear Hosts File | Back up or clear a hosts file on a device |
| Restore Hosts File | Restore a previous version of a hosts file on a device |
| Set Local Admin Password | Set the password for the local administrator on a device |
| Kill Windows Process | Terminate a specified Windows process on a device |
| Enable/Disable Admin Shares | Enable or disable admin shares on a device |
| Remove Windows Service | Remove a Windows service from a device |
| Set Max Event Log File Size | Set the maximum file size for Windows event logs |
| Remove Windows Shares | Remove one or more Windows file shares on a device |
| Stop Windows Process | Stop one or more Windows processes running on a device |
More scripts are coming soon; be sure to watch our blog for further updates. To explore Reach for yourself, check out this short video.