Kaspersky patents tech that detects remote control tools
Cyber security company Kaspersky Lab has patented new technology that automates the detection of remote control tools used by cyber criminals.
The company says the patented technology, which uses machine learning, will support businesses fighting advanced threats by discovering lateral movement in corporate networks - even through encrypted traffic.
Cybercriminals take remote control of victims' computers in order to conduct malicious activities unnoticed, often reaching out to command-and-control servers through encrypted communication channels, says Kaspersky. The company says that, to efficiently and effectively detect remote control programmes, anti-malware solutions need to leverage complex behavioural protection systems.
With its latest patent, Kaspersky Lab says it has expanded its abilities to detect remote control applications, even if they run on an encrypted channel.
The new technology works by analysing application activity, and searching for anomalous behaviour across a user's computer, it says. It picks up on any dependencies between activities occurring on the computer, and their causes, adds Kaspersky. By comparing these dependencies with defined patterns of behaviour, the technology can then make a decision about the registration of the remote attacker's computer, says the security company. It can then identify the remote control being used via unknown or even compromised safe applications, or their components, it adds.
"The detection of remote control attacks in encrypted channels is crucial for targeted attack protection, as this is the early stages of the kill chain. Remote control tools are distributed within the network during the search for, and theft of, valuable data," says Artem Serebrov, head of research and development of Anti Targeted Attack Platform for Kaspersky Lab.
"That's why it is important to be able to detect such behaviour at the very beginning. This technology will allow security officers to prevent incidents where previous layers of protection have failed to work."
The newly patented technology will become part of the Kaspersky anti targeted attack solution starting in 2018.
The use of technologies such as these and others is definitely important, says Manuel Corregedor, COO of Telspace Systems.
However, before investing in technologies that appear to be a silver bullet, organisations should make sure the basics are being done right - taking into consideration not only the technology but also the people and processes around that technology, adds Corregedor.
"In our assessments we sometimes find that organisations have the best technology but that it is not configured correctly, features are turned off, exceptions are made, employees are using technology they don't understand and are not skilled enough to take appropriate action when the technology alerts them."