Proper Planning Key To Pre-Empting Invisible Cyberattacks
PUBLISHED: FEBRUARY 14, 2017
More than 140 enterprise networks in a range of business sectors in 40 countries have experienced "invisible" cyber attacks.

Visibility across your environment, proper security design of networks and actionable threat intelligence are the keys to protecting your enterprise against "invisible" cyber attacks.

This is according to John Mc Loughlin, managing director of J2 Software, in reaction to a Kaspersky Lab report on cyber criminals breaching more than 140 enterprise networks in a range of business sectors in 40 countries.

According to the report, Kaspersky Lab experts discovered a series of "invisible" targeted attacks that use only legitimate software: widely available penetration-testing and administration tools, as well as the PowerShell framework for task automation in Windows. The attacks drop no malware files onto the hard drive and instead hide in memory.

This combined approach, the company reports, helps to avoid detection by whitelisting technologies, and leaves forensic investigators with almost no artifacts or malware samples to work with. The attackers stay around just long enough to gather information before their traces are wiped from the system on the first reboot.

"The use of open source exploit code, common Windows utilities and unknown domains makes it almost impossible to determine the group responsible -- or even whether it is a single group or several groups sharing the same tools. Known groups that have the most similar approaches are GCMAN and Carbanak," says Kaspersky Lab.

ESET Research fellow Peter Kosinar says it is a mammoth task to track the attacks. "It is precisely the nature of being 'invisible' which makes the actual infections more difficult to track… at least until they execute their intended malicious payload."

Mc Loughlin agrees, adding that it is possible this is far more prevalent than anybody knows simply due to the nature of the attacks. "I see the main targets are being called as banks, telecoms companies and government organizations. I am of the opinion that every single organization or entity that makes use of electronic payment methods, collects credit card information or stores sensitive data on their networks and devices is a target." Kaspersky Lab points out recent victims included two banks, one telecom company, a financial institution, and three government entities in Kenya. In Uganda, attacks on only four financial institutions were reported.

Both Kosinar and Mc Loughlin say many of the tricks and best practices are already known as preventative measures, but companies are failing to apply them thoroughly.

Mc Loughlin explains: "The problem with this and other cyber attacks is that the attackers are putting in more effort and have resources while the individual targets (companies) do not. It is important to have end point visibility and behavioral monitoring and alerting or remediating any breaches as they occur. With behavioral monitoring and visibility it makes no difference if the attack is on a hard drive, network or sitting in memory -- changes are flagged, the source and destination of attacks are clearly marked and you have the ability to stop these in their tracks."

© 2017 ITWeb under contract with NewsEdge/Acquire Media. All rights reserved.