Proper Planning Key To Pre-Empting Invisible Cyberattacks
More than 140 enterprise networks in a range of business sectors in 40 countries have experienced "invisible" cyber attacks.
Visibility across your environment, proper security design of networks and actionable threat intelligence are the keys to protecting your enterprise against "invisible" cyber attacks.
This is according to John Mc Loughlin, managing director of J2 Software, in reaction to a Kaspersky Lab report on cyber criminals breaching more than 140 enterprise networks in a range of business sectors in 40 countries.
According to the report, Kaspersky Lab experts discovered a series of "invisible" targeted attacks that use only legitimate software: widely available penetration-testing and administration tools as well as the PowerShell framework for task automation in Windows, dropping no malware files onto the hard drive, but hiding in the memory.
This combined approach, the company reports, helps to avoid detection by whitelisting technologies, and leaves forensic investigators with almost no artifacts or malware samples to work with. The attackers stay around just long enough to gather information before their traces are wiped from the system on the first reboot.
"The use of open source exploit code, common Windows utilities and unknown domains makes it almost impossible to determine the group responsible -- or even whether it is a single group or several groups sharing the same tools. Known groups that have the most similar approaches are GCMAN and Carbanak," says Kaspersky Lab.
ESET Research fellow Peter Kosinar says it is a mammoth task to track the attacks. "It is precisely the nature of being "invisible" which makes the actual infections more difficult to track… at least until they execute their intended malicious payload."
Mc Loughlin agrees, adding that it is possible this is far more prevalent than anybody knows simply due to the nature of the attacks. "I see the main targets are being called as banks, telecoms companies and government organizations. I am of the opinion that every single organization or entity that makes use of electronic payment methods, collects credit card information or stores sensitive on their networks and devices is a target." Kaspersky Lab points out recent victims included two banks, one telecom company, a financial institution, and three government entities in Kenya. In Uganda, attacks on only four financial institutions were reported.
Both Kosinar and Mc Loughlin say many of the tricks and best practices are already known as preventative measures but companies are failing to apply them thoroughly.
Mc Loughlin explains: "The problem with this and other cyber attacks is that the attackers are putting in more effort and have resources while the individual targets (companies) do not. It is important to have end point visibility and behavioral monitoring and alerting or remediating any breaches as they occur. With behavioral monitoring and visibility it makes no difference if the attack is on a hard drive, network or sitting in memory -- changes are flagged, the source and destination of attacks are clearly marked and you have the ability to stop these in their tracks."
© 2017 ITWeb under contract with NewsEdge/Acquire Media. All rights reserved.