Computerware Blog
Forget Malware: Hackers Are Crafty Enough to Trick You Without It
Behind the safety of a firewall and antivirus solution, it’s easy to forget that the Internet, and the online community in general, can be a dangerous place. It’s not until you fall prey to a hacking attack, virus infection, or similar threat that you become aware of the dangers that lie in the virtual darkness. However, these threats are only part of a more dangerous problem: social engineering hacks.
Hackers are now taking advantage of much more sophisticated measures to steal data and infiltrate networks, but what are these measures that have proven so dangerous in recent times? Generally speaking, a security team will usually investigate the cause of a data breach and discover how and why the malicious entity made its move. However, intelligent attacks that have nothing to do with malware are proving to be somewhat difficult to trace. These are called social engineering attacks: intelligent hacking attacks that take advantage of legitimate means to access a network, like deceiving unsuspecting users into handing over credentials. These legitimate tactics aren’t raising any red flags for security systems, which makes them especially troublesome.
CrowdStrike CEO George Kurtz explains that these attackers are using common tools like PowerShell to infiltrate networks, seemingly under the guise of administrator logins. Dell SecureWorks has also found a similar method in which hackers are using legitimate user credentials to infiltrate systems with Windows administration tools. These attackers are using real login credentials to cause real problems, making it difficult to diagnose threatening behavior before it’s too late.
In other words, it doesn’t take a rocket scientist to explain that folks are having trouble preventing hacking attacks not because they’re incompetent, but because they simply have trouble telling illegitimate logins apart from legitimate ones. Security protocol can’t be limited to attacks that can be easily accounted for. Instead, you should protect your network from the worst threats that could strike, and take no chances. When an end-user falls victim to a spear phishing attack, they’re essentially giving hackers free access to your network to cause all sorts of mayhem. These legitimate login credentials often don’t trigger any warnings, and don’t leave much evidence of their access. InfoWorld states:
The fact that attackers are using legitimate tools -- FTP, RDP, PowerShell -- means they are not leaving much in the way of tracks behind them. With no easily found malware artifacts, it's harder for security teams to determine the initial penetration point. If the company has deployed breach-detection technologies that focus solely on malware and its artifacts, such as command-and-control IP addresses and domain names, then the defenders don’t get the alerts when the attackers are live in the network.
For example, you might consider taking a closer look at your access logs to ensure that there aren’t any suspicious logins from halfway across the world. Businesses often neglect checking their access logs for this behavior because they feel that their in-house users are the only ones with access to the network. However, this simply isn’t the case, especially if someone has fallen victim to a spear phishing attack and given up valuable information. Furthermore, businesses that haven’t integrated two-factor authentication yet should seriously consider doing so. If access to mission-critical information requires two-factor authentication, this adds an extra step to the hacker’s process which makes it more difficult to access your company’s data.
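One way to run the access-log check described above, shown as an added example rather than code from Computerware or InfoWorld: flag any account whose consecutive logins are too far apart to have been made by the same traveling person. It assumes each log entry has already been resolved to a latitude and longitude by a GeoIP lookup; the sample records, the 900 km/h speed ceiling and the 100 km minimum distance are constructed values.

```python
import math
from datetime import datetime

# Constructed sample records (not real logs): user, UTC time, and the
# latitude/longitude a GeoIP lookup is assumed to have returned.
SAMPLE_LOGINS = [
    ("alice", "2024-03-04T08:02:00", 38.92, -77.23),  # Northern Virginia
    ("alice", "2024-03-04T17:45:00", 38.90, -77.04),  # Washington, DC
    ("bob",   "2024-03-04T09:10:00", 38.92, -77.23),
    ("alice", "2024-03-04T19:05:00", 55.75, 37.62),   # Moscow, 80 minutes later
    ("bob",   "2024-03-05T09:12:00", 40.71, -74.01),  # New York, a day later
]

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(logins, max_kmh=MAX_KMH, min_km=100.0):
    """Return (user, prev_time, time, km, kmh) for implausible consecutive logins."""
    alerts = []
    last = {}  # user -> (time, lat, lon) of that user's previous login
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for user, ts, lat, lon in sorted(logins, key=lambda r: r[1]):
        t = datetime.fromisoformat(ts)
        if user in last:
            prev_t, prev_lat, prev_lon = last[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (t - prev_t).total_seconds() / 3600
            # Skip short hops (GeoIP jitter); a zero time gap means infinite speed.
            if km >= min_km:
                kmh = km / hours if hours > 0 else math.inf
                if kmh > max_kmh:
                    alerts.append((user, prev_t.isoformat(), ts, km, kmh))
        last[user] = (t, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_LOGINS):
        print("ALERT user=%s %s -> %s: %.0f km at %.0f km/h" % alert)
```

VPN exits and mobile carriers can produce false positives, so alerts from a check like this are a prompt to review the session, not proof of compromise.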
By taking advantage of a remote monitoring and maintenance solution from Computerware, you can be confident that there are always eyes on your network, making sure that only authorized personnel are accessing your IT infrastructure. Give us a call at (703) 821-8200 to learn more.