Proper Planning Key To Pre-Empting Invisible Cyberattacks

More than 140 enterprise networks in a range of business sectors in 40 countries have experienced "invisible" cyber attacks.

Visibility across your environment, proper security design of networks and actionable threat intelligence are the keys to protecting your enterprise against "invisible" cyber attacks.

This is according to John Mc Loughlin, managing director of J2 Software, in reaction to a Kaspersky Lab report on cyber criminals breaching more than 140 enterprise networks in a range of business sectors in 40 countries.

According to the report, Kaspersky Lab experts discovered a series of "invisible" targeted attacks that use only legitimate software: widely available penetration-testing and administration tools, as well as the PowerShell framework for task automation in Windows. The attacks drop no malware files onto the hard drive and instead hide in memory.

This combined approach, the company reports, helps to avoid detection by whitelisting technologies, and leaves forensic investigators with almost no artifacts or malware samples to work with. The attackers stay around just long enough to gather information before their traces are wiped from the system on the first reboot.

"The use of open source exploit code, common Windows utilities and unknown domains makes it almost impossible to determine the group responsible -- or even whether it is a single group or several groups sharing the same tools. Known groups that have the most similar approaches are GCMAN and Carbanak," says Kaspersky Lab.

ESET Research fellow Peter Kosinar says it is a mammoth task to track the attacks. "It is precisely the nature of being 'invisible' which makes the actual infections more difficult to track -- at least until they execute their intended malicious payload."

Mc Loughlin agrees, adding that it is possible this is far more prevalent than anybody knows simply due to the nature of the attacks. "I see the main targets are being called as...
