Natwest business customers at risk due to security software
Royal Bank of Scotland’s (RBS) Natwest customers’ systems were made vulnerable as the bank recommended the installation of flawed security software.
As reported by the BBC, the vulnerability comes in Heimdal Security’s Thor Foresight Enterprise product, which was offered to business customers for free.
However, security researchers at Pen Test Partners found out that this software had clear vulnerabilities that could compromise the systems.
Security Researcher Ken Munro told the BBC: “We were able to gain access to a victim’s computer very easily. Attackers could have had complete control of that person’s emails, internet history and bank details.
“Heimdal Thor is security software that runs at a high level of privilege on a user’s machine. It’s essential that it is held to the highest possible standards.”
The security software acts as a filter and aims to spot and stop common cyber-attacks that try to steal data or lock it away in ransomware.
Luckily, the bug has now been fixed, with Heimdal Security estimating that about 50,000 people were using the vulnerable software.
In a statement, Heimdal’s chief executive Morten Kjaersgaard says: “We naturally treat information like this very seriously. We issued a fix and automatically updated 97% of all affected endpoints within four days of being informed, and the rest shortly after.”
RBS said it had only affected NatWest customers as it was not yet being offered to its RBS and Ulster banks. The company would not disclose how many of its customers would have been at risk.
The firm says the bug was live for three weeks and affected around 50,000 computers, or around 8% of the number of machines running the Thor software.