Alex Useche, Senior Consultant at nVisium, notes that if an attacker can use Thunderspy to access your laptop account, they would be able to access all your files and even impersonate your accounts, as applications like Outlook rarely require users to re-enter their credentials. “The impact is much more significant if your laptop logs in to the internal network automatically without requiring additional authentication, as now attackers have access to your company’s data,” Useche says. “Consumers who misplace and lose their laptops at a public place may often find comfort on the fact that their laptops are at least secured by a password. Thunderspy throws that protection out the window. This is especially true in cases where the only password needed to access a user’s files in the Windows password. As a result, it becomes even more necessary to avoid leaving laptops unattended, whether at a public space, at the office, or even a hotel room.”

Read entire article here