One of the primary threats that business networks are trying to protect themselves from is malware. We’re all aware of how much damage a stray piece of malware can inflict on a business, as it can lock down files, steal sensitive data, and distribute crippling viruses. However, recent studies show that malware is now involved in less than half of all reported hacking attacks, and that more sophisticated measures are now being taken to exploit unwary users.
So, what are these sophisticated measures? Following a data breach, the majority of security teams will investigate the root cause of the issue, and they’ll find that, more often than not, the issue has to do with either social engineering attacks or legitimate administrator tools. What this means is that hackers are no longer relying on illegitimate means of accessing networks, and are instead taking advantage of legitimate means that don’t raise a red flag for security systems.
CrowdStrike CEO George Kurtz claims that attackers are using common tools like PowerShell to infiltrate networks. Dell SecureWorks has found that most hackers are using legitimate Windows administration tools to access systems. Since these hackers are using real login credentials, detection systems are finding it increasingly difficult to diagnose threatening behavior, putting these organizations at risk through no fault of their own.
Thus, it’s becoming apparent that security shouldn’t just be concerned with identifying normal threats that are easy to see. Instead, security protocols should account for problems that can’t be foreseen, a task that seems borderline impossible. Many hacking attacks will come in the form of spear phishing attacks that directly target users, asking them for login credentials that allow for legitimate access to an account. Thanks to these troublesome antics, hackers often don’t leave much in their wake, save for a path of destruction. InfoWorld states:
The fact that attackers are using legitimate tools — FTP, RDP, PowerShell — means they are not leaving much in the way of tracks behind them. With no easily found malware artifacts, it’s harder for security teams to determine the initial penetration point. If the company has deployed breach-detection technologies that focus solely on malware and its artifacts, such as command-and-control IP addresses and domain names, then the defenders don’t get the alerts when the attackers are live in the network.
This is why it’s so important to pay attention to who is accessing your network, and when. Businesses often neglect their access logs because they assume that only authorized users will attempt to access the network through legitimate means. However, this simply isn’t the case anymore. Keeping a close eye on access logs can help to ensure that nobody who isn’t supposed to be on your network is accessing it. Furthermore, businesses that haven’t integrated two-factor authentication yet should seriously consider doing so. If access to mission-critical information requires two-factor authentication, this adds an extra step to the hacker’s process, which can make it that much more difficult to access your company’s data.
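As an added example (not part of the original article), here is one way to review successful logins for "who and when" when the credentials themselves are valid: learn each account's usual sources and protocols, then flag logins that break the pattern. The log format, account names, addresses, baseline date and business hours are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample of successful logins: time, account, source address, protocol.
# The format and every value here are invented for this example.
SAMPLE_LOG = """\
2024-03-04T09:12:00,jsmith,10.0.5.21,RDP
2024-03-05T10:40:00,jsmith,10.0.5.21,RDP
2024-03-05T14:02:00,backup_svc,10.0.9.4,FTP
2024-03-06T11:15:00,jsmith,10.0.5.21,RDP
2024-03-06T14:01:00,backup_svc,10.0.9.4,FTP
2024-03-07T02:47:00,jsmith,10.0.7.88,RDP
2024-03-07T14:03:00,backup_svc,10.0.9.4,RDP
2024-03-08T09:30:00,jsmith,10.0.5.21,RDP
"""

BASELINE_END = datetime(2024, 3, 7)   # events before this build the baseline
WORK_HOURS = range(7, 20)             # assumed business hours, 07:00-19:59


def review_logins(log_text, baseline_end=BASELINE_END, work_hours=WORK_HOURS):
    """Return (timestamp, user, reasons) for valid logins that break the user's pattern."""
    seen_sources = defaultdict(set)
    seen_protocols = defaultdict(set)
    findings = []
    for ts, user, source, proto in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if when < baseline_end:
            # Learning period: record what normal looks like for this account.
            seen_sources[user].add(source)
            seen_protocols[user].add(proto)
            continue
        reasons = []
        if source not in seen_sources[user]:
            reasons.append("new source " + source)
        if proto not in seen_protocols[user]:
            reasons.append("new protocol " + proto)
        if when.hour not in work_hours:
            reasons.append("outside business hours")
        if reasons:
            findings.append((ts, user, reasons))
    return findings


if __name__ == "__main__":
    for ts, user, reasons in review_logins(SAMPLE_LOG):
        print(ts, user, "; ".join(reasons))
```

Neither flagged login involves malware or a failed password, which is why a review of this kind catches what artifact-based detection misses.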
PACE Technical Services can remotely monitor your network for any suspicious activity and resolve it before there’s cause for concern. Additionally, we can help your organization integrate two-factor authentication. For more information about how you can keep your business’s network safe and secure, give us a call at 905.763.7896.