Money Compass


Pretending to be normal: Attackers misuse legitimate tools in 30% of successful cyber-incidents

by moneycompass
August 17, 2020
in Lifestyle

Almost a third (30%) of cyberattacks investigated by the Kaspersky Global Emergency Response team in 2019 involved legitimate remote management and administration tools. As a result, attackers can remain undetected for a longer period of time. For instance, continuous cyber-espionage attacks and theft of confidential data had a median duration of 122 days. These findings are from Kaspersky’s new Incident Response Analytics Report.

Monitoring and management software helps IT and network administrators perform their everyday tasks, such as troubleshooting and providing employees with technical support. However, cybercriminals can also leverage these legitimate tools during cyberattacks on a company’s infrastructure. This software allows them to run processes on endpoints and to access and extract sensitive information while bypassing various security controls aimed at detecting malware.

In total, the analysis of anonymized data from incident response (IR) cases showed that 18 different legitimate tools were abused by attackers for malicious purposes. The most widely used one was PowerShell (25% of cases). This powerful administration tool can be used for many purposes, from gathering information to running malware.

PsExec was leveraged in 22% of the attacks. This console application is intended for launching processes on remote endpoints. This was followed by SoftPerfect Network Scanner (14%), which is intended to retrieve information about network environments.

It is more difficult for security solutions to detect attacks conducted with legitimate tools because these actions can be either part of a planned cybercrime activity or a regular system administrator task. For instance, in the segment of attacks that lasted more than a month, the cyber-incidents had a median duration of 122 days. Because these attacks went undetected, cybercriminals could collect victims’ sensitive data.

However, Kaspersky experts note that sometimes malicious actions with legitimate software reveal themselves rather quickly. For example, these tools are often used in ransomware attacks, where the damage is seen clearly. The median attack duration for short attacks was a day.

“To avoid detection and stay invisible in a compromised network for as long as possible, attackers widely use software which is developed for normal user activity, administrator tasks and system diagnostics. With these tools, attackers can gather information about corporate networks and then conduct lateral movement, change software and hardware settings or even carry out some form of malicious action.

“For example, they could use legitimate software to encrypt customer data. Legitimate software can also help attackers stay under the radar of security analysts, as they often detect the attack only after the damage has been done. It is not possible to exclude these tools for many reasons; however, properly deployed logging and monitoring systems will help to detect suspicious activity in the network and complex attacks at earlier stages,” comments Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky.

To detect and react to such attacks in a timely manner, among other measures, organizations should consider implementing an Endpoint Detection and Response solution with an MDR service.

To minimize the chances of remote management software being used to penetrate an infrastructure, Kaspersky also recommends the following measures:

  • Restrict access to remote management tools from external IP addresses. Ensure that remote control interfaces can only be accessed from a limited number of endpoints
  • Enforce a strict password policy for all IT systems and deploy multi-factor authentication
  • Follow the principle of offering staff limited privileges and grant high-privileged accounts only to those who need them to fulfil their job

 
