We’re all aware of how much damage malware can inflict on a business. Malware can lock down files, steal sensitive data, and distribute crippling viruses. But as malware prevention gets more sophisticated, so do the hackers. Indeed, recent studies show that malware is now involved in less than half of all reported hacking attacks. Instead, hackers are taking advantage of legitimate means that don’t raise a red flag for security systems.
CrowdStrike CEO George Kurtz claims that attackers are using common tools like PowerShell to infiltrate networks. Dell SecureWorks has found that most hackers are using legitimate Windows administration tools to access systems. Since these hackers are using real login credentials, detection systems are finding it increasingly difficult to identify threatening behavior.
Thus, the industry is becoming more aware that security shouldn’t just be concerned with identifying the usual suspects. Instead, security protocols now need to account for a whole new set of problems. For example, these will come in the form of spear phishing attacks that directly target users, asking them for login credentials that allow legitimate access to an account. Or, hackers might steal an employee’s passwords. Thanks to these troublesome antics, hackers often don’t leave much in their wake, save for a path of destruction. InfoWorld states:
The fact that attackers are using legitimate tools — FTP, RDP, PowerShell — means they are not leaving much in the way of tracks behind them. With no easily found malware artifacts, it’s harder for security teams to determine the initial penetration point. If the company has deployed breach-detection technologies that focus solely on malware and its artifacts, such as command-and-control IP addresses and domain names, then the defenders don’t get the alerts when the attackers are live in the network.
This is why it’s so important to pay attention to who is accessing your network, and when. Businesses often neglect their access logs because they feel that only authorized users will attempt to access the network through legitimate means. However, this simply isn’t the case anymore. Keeping a close eye on access logs can help to ensure that nobody is accessing your network who isn’t supposed to. Businesses that haven’t integrated two-factor authentication yet should seriously consider doing so. If access to mission-critical information requires two-factor authentication, this adds an extra step to the hacker’s process, which can make it that much more difficult to access your company’s data.
CTN can remotely monitor your network for any suspicious activity and resolve it before there’s cause for concern. Additionally, we can help your organization integrate two-factor authentication. For more information about how you can keep your business’s network safe and secure, give us a call at (610) 828-5500.