{"id":7433,"date":"2021-08-26T22:16:22","date_gmt":"2021-08-26T20:16:22","guid":{"rendered":"https:\/\/hansesecure.de\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/"},"modified":"2023-06-12T14:33:51","modified_gmt":"2023-06-12T12:33:51","slug":"top-security-quickfails-3-the-invisible-network-shares","status":"publish","type":"post","link":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/","title":{"rendered":"Top Security QuickFails: #3 The “invisible” network shares"},"content":{"rendered":"\n
\"\"<\/a><\/figure>\n\n

#3 The “invisible” network shares<\/h2>\n\n

The attack<\/h3>\n\n

It’s Wednesday morning, the sun is shining and all ImmerGr\u00fcn AG employees are looking forward to the summer party in the afternoon.Beate from the HR department wanted to have a look at some applications from the previous day and was surprised that many documents suddenly required macros<\/a> to open, but she would have another look tomorrow…<\/p>\n\n

\"\"<\/a><\/figure>\n\n

What happened?<\/h4>\n\n

An attacker had compromised an account of an employee. This one could actually only see the company’s global exchange drive. However, the attacker very quickly checked all servers for open network drives and found that most shares were merely unmounted, but every domain user had read & write permissions on them.Therefore, he added a macro to each Office file (Word, PowerPoint, Excel), on each network share. As a result, any employee who opened one of these files was also compromised.<\/p>\n\n

In addition, the attacker found an “Admin” share, which appeared to be exclusively for administrators. <\/p>\n\n

\"\"<\/a><\/figure>\n\n

In addition to various setup files, the attacker also found bat & Powershell scripts. These also contained the credentials of various privileged accounts, which allowed the entire company to be compromised.<\/p>\n\n

The countermeasure<\/h3>\n\n

First of all, administrators should realize that shares can also be included by users! This means that “non-visible” network drives must also be provided with appropriate permissions.<\/p>\n\n

Afterwards, all systems in the network should be checked for open network shares and their permissions.<\/p>\n\n

Safety gain<\/span><\/strong><\/h2>\n\n

Medium to High<\/p>\n\n

*From the blog series Top Security QuickFails<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

#3 The “invisible” network shares The attack It’s Wednesday morning, the sun is shining and all ImmerGr\u00fcn AG employees are looking forward to the summer party in the afternoon.Beate from the HR department wanted to have a look at some applications from the previous day and was surprised that many documents suddenly required macros to […]<\/p>\n","protected":false},"author":2,"featured_media":7011,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[260],"tags":[266],"class_list":["post-7433","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-quickfails","tag-migration-en"],"acf":[],"yoast_head":"\nTop Security QuickFails: #3 The "invisible" network shares – HanseSecure GmbH<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Top Security QuickFails: #3 The "invisible" network shares – HanseSecure GmbH\" \/>\n<meta property=\"og:description\" content=\"#3 The “invisible” network shares The attack It’s Wednesday morning, the sun is shining and all ImmerGr\u00fcn AG employees are looking forward to the summer party in the afternoon.Beate from the HR department wanted to have a look at some applications from the previous day and was surprised that many documents suddenly required macros to […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/\" \/>\n<meta property=\"og:site_name\" content=\"HanseSecure GmbH\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/hansesecure\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-26T20:16:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-12T12:33:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hansesecure.de\/wp-content\/uploads\/2021\/08\/blog-smb.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"HanseSecure\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberWarship\" \/>\n<meta name=\"twitter:site\" content=\"@CyberWarship\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"HanseSecure\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/\"},\"author\":{\"name\":\"HanseSecure\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/person\\\/6ec6ef4887ff2fc97a14f1a7f390f593\"},\"headline\":\"Top Security QuickFails: #3 The “invisible” network shares\",\"datePublished\":\"2021-08-26T20:16:22+00:00\",\"dateModified\":\"2023-06-12T12:33:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/\"},\"wordCount\":259,\"publisher\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/blog-smb.jpg\",\"keywords\":[\"Migration\"],\"articleSection\":[\"QuickFails\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/\",\"name\":\"Top Security QuickFails: #3 The \\\"invisible\\\" network shares – HanseSecure GmbH\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/blog-smb.jpg\",\"datePublished\":\"2021-08-26T20:16:22+00:00\",\"dateModified\":\"2023-06-12T12:33:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/blog-smb.jpg\",\"contentUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/blog-smb.jpg\",\"width\":400,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2021\\\/08\\\/top-security-quickfails-3-the-invisible-network-shares\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Top Security QuickFails: #3 The „invisible“ network shares\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\",\"name\":\"HanseSecure GmbH\",\"description\":\"Choose the Intruder\",\"publisher\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\",\"name\":\"HanseSecure GmbH\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png\",\"contentUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png\",\"width\":512,\"height\":512,\"caption\":\"HanseSecure GmbH\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/facebook.com\\\/hansesecure\",\"https:\\\/\\\/x.com\\\/CyberWarship\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/hansesecure\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCAABbKOA_stDFkEKS3MSF7Q\",\"https:\\\/\\\/www.instagram.com\\\/hansesecure\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/person\\\/6ec6ef4887ff2fc97a14f1a7f390f593\",\"name\":\"HanseSecure\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"caption\":\"HanseSecure\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Top Security QuickFails: #3 The \"invisible\" network shares – HanseSecure GmbH","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/","og_locale":"en_US","og_type":"article","og_title":"Top Security QuickFails: #3 The \"invisible\" network shares – HanseSecure GmbH","og_description":"#3 The “invisible” network shares The attack It’s Wednesday morning, the sun is shining and all ImmerGr\u00fcn AG employees are looking forward to the summer party in the afternoon.Beate from the HR department wanted to have a look at some applications from the previous day and was surprised that many documents suddenly required macros to […]","og_url":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/","og_site_name":"HanseSecure GmbH","article_publisher":"https:\/\/facebook.com\/hansesecure","article_published_time":"2021-08-26T20:16:22+00:00","article_modified_time":"2023-06-12T12:33:51+00:00","og_image":[{"width":400,"height":300,"url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2021\/08\/blog-smb.jpg","type":"image\/jpeg"}],"author":"HanseSecure","twitter_card":"summary_large_image","twitter_creator":"@CyberWarship","twitter_site":"@CyberWarship","twitter_misc":{"Written by":"HanseSecure","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/#article","isPartOf":{"@id":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/"},"author":{"name":"HanseSecure","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/person\/6ec6ef4887ff2fc97a14f1a7f390f593"},"headline":"Top Security QuickFails: #3 The “invisible” network shares","datePublished":"2021-08-26T20:16:22+00:00","dateModified":"2023-06-12T12:33:51+00:00","mainEntityOfPage":{"@id":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/"},"wordCount":259,"publisher":{"@id":"https:\/\/hansesecure.de\/en\/#organization"},"image":{"@id":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/#primaryimage"},"thumbnailUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2021\/08\/blog-smb.jpg","keywords":["Migration"],"articleSection":["QuickFails"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/","url":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/","name":"Top Security QuickFails: #3 The \"invisible\" network shares – HanseSecure GmbH","isPartOf":{"@id":"https:\/\/hansesecure.de\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/#primaryimage"},"image":{"@id":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/#primaryimage"},"thumbnailUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2021\/08\/blog-smb.jpg","datePublished":"2021-08-26T20:16:22+00:00","dateModified":"2023-06-12T12:33:51+00:00","breadcrumb":{"@id":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/#primaryimage","url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2021\/08\/blog-smb.jpg","contentUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2021\/08\/blog-smb.jpg","width":400,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/hansesecure.de\/en\/2021\/08\/top-security-quickfails-3-the-invisible-network-shares\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/hansesecure.de\/en\/"},{"@type":"ListItem","position":2,"name":"Top Security QuickFails: #3 The „invisible“ network shares"}]},{"@type":"WebSite","@id":"https:\/\/hansesecure.de\/en\/#website","url":"https:\/\/hansesecure.de\/en\/","name":"HanseSecure GmbH","description":"Choose the Intruder","publisher":{"@id":"https:\/\/hansesecure.de\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hansesecure.de\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hansesecure.de\/en\/#organization","name":"HanseSecure GmbH","url":"https:\/\/hansesecure.de\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/logo\/image\/","url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2023\/05\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png","contentUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2023\/05\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png","width":512,"height":512,"caption":"HanseSecure GmbH"},"image":{"@id":"https:\/\/hansesecure.de\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/hansesecure","https:\/\/x.com\/CyberWarship","https:\/\/www.linkedin.com\/company\/hansesecure","https:\/\/www.youtube.com\/channel\/UCAABbKOA_stDFkEKS3MSF7Q","https:\/\/www.instagram.com\/hansesecure\/"]},{"@type":"Person","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/person\/6ec6ef4887ff2fc97a14f1a7f390f593","name":"HanseSecure","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","caption":"HanseSecure"}}]}},"_links":{"self":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7433","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/comments?post=7433"}],"version-history":[{"count":1,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7433\/revisions"}],"predecessor-version":[{"id":7434,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7433\/revisions\/7434"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/media\/7011"}],"wp:attachment":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/media?parent=7433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/categories?post=7433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/tags?post=7433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}