
Malware isn't the problem - it's the legitimate tools you should be worried about

04 Jul 2016

Forget malware - once attackers are inside your system, 99% of post-intrusion internal attacks originate from leveraging riskware such as network scanners and legitimate applications, according to a new industry study by LightCyber.

More than 70% of targeted malware was seen on only one site, during the initial compromise. Once inside, attackers instead used IP and port scanners such as Angry IP Scanner, which accounted for 27.1% of attacks, and network discovery tools such as Nmap, the report states.

The report states that these attacks are "low and slow" and can avoid detection for up to five months. This allows attackers to learn about the network, its nodes, resources and vulnerable areas. The attacks can take three main forms: 'reconnaissance', 'lateral movement' and 'command and control communication'.

“The new Cyber Weapons Report uniquely reveals that malware is not the mechanism that network attackers use once they circumvent preventative security and compromise a network,” says Jason Matlof, executive vice president, LightCyber.

The most common attack tools observed in the study were classified into the following four categories: networking and hacking tools, admin tools, remote desktop tools and malware.

SecureCRT was the admin tool responsible for 28.5% of all incidents. Admin tools are used for lateral movement: establishing remote connections, reverse shells and similar behaviour on newly reached hosts.

TeamViewer was responsible for 37.2% of incidents through its remote desktop and web conferencing capabilities. Once an attacker controls it, it can be used for command and control as well as other lateral movement.

The report says that attackers can also use web browsers, file transfer clients and other native system tools to extract data and control machines.
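The report's point is that the signal lies in behaviour, not in a malicious binary: a host that touches many ports or many peers, or a user launching a scanner or remote-access tool where it does not belong. The following detector is an added example, not code from LightCyber, its Magna platform or the article. It runs over constructed flow and process-launch records embedded in the script; the executable names it matches (ipscan.exe, nmap.exe, TeamViewer.exe, SecureCRT.exe), the thresholds and the allowlist are assumptions chosen for illustration.

```python
"""Behaviour-based detection of riskware use on an internal network.

Added example. Two detectors mirror the report's categories:
  * reconnaissance  -> port scans and host sweeps in flow records
  * admin / remote desktop tools -> launches of known riskware
    binaries by hosts or users that are not expected to run them
"""
from collections import defaultdict

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port).
FLOWS = []
# 10.0.0.5 probes 25 distinct ports on one host: a port scan.
for port in range(1, 26):
    FLOWS.append(("2016-07-04T08:00", "10.0.0.5", "10.0.0.20", port))
# 10.0.0.7 touches TCP/445 on 12 distinct hosts: a host sweep.
for last in range(1, 13):
    FLOWS.append(("2016-07-04T08:05", "10.0.0.7", f"10.0.1.{last}", 445))
# Benign traffic that must not be flagged.
FLOWS.append(("2016-07-04T08:06", "10.0.0.5", "10.0.0.30", 443))
FLOWS.append(("2016-07-04T08:07", "10.0.0.8", "10.0.1.1", 445))

# Constructed process-launch records: (timestamp, host, user, image_path).
PROCESSES = [
    ("2016-07-04T09:00", "ws-fin-12", "alice",
     r"C:\Users\alice\Downloads\ipscan.exe"),
    ("2016-07-04T09:05", "adm-jump-1", "itadmin",
     r"C:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exe"),
    ("2016-07-04T09:10", "ws-hr-3", "bob",
     r"C:\Program Files\TeamViewer\TeamViewer.exe"),
    ("2016-07-04T09:12", "ws-hr-3", "bob",
     r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]

# Assumed binary names for the tool categories named in the report.
RISKWARE_IMAGES = {
    "ipscan.exe": "IP/port scanner (Angry IP Scanner)",
    "nmap.exe": "network discovery (Nmap)",
    "securecrt.exe": "admin tool (SecureCRT)",
    "teamviewer.exe": "remote desktop (TeamViewer)",
}

# Assumed: (host, user) pairs that legitimately run admin tooling.
ADMIN_ALLOWLIST = {("adm-jump-1", "itadmin")}


def detect_scans(flows, port_threshold=20, host_threshold=10):
    """Return sorted findings for sources that hit many distinct ports on one
    host (port scan) or many distinct hosts on one port (host sweep)."""
    ports_by_pair = defaultdict(set)      # (src, dst)   -> {dst_port}
    hosts_by_src_port = defaultdict(set)  # (src, dport) -> {dst}
    for _ts, src, dst, dport in flows:
        ports_by_pair[(src, dst)].add(dport)
        hosts_by_src_port[(src, dport)].add(dst)

    findings = []
    for (src, dst), ports in ports_by_pair.items():
        if len(ports) >= port_threshold:
            findings.append(("port_scan", src, dst, len(ports)))
    for (src, dport), hosts in hosts_by_src_port.items():
        if len(hosts) >= host_threshold:
            findings.append(("host_sweep", src, dport, len(hosts)))
    return sorted(findings)


def detect_riskware(processes, allowlist=ADMIN_ALLOWLIST):
    """Flag launches of known riskware binaries outside the admin allowlist.
    Matching is on the basename only, so the download folder in the first
    record is flagged just like an installed copy would be."""
    findings = []
    for ts, host, user, image in processes:
        name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in RISKWARE_IMAGES and (host, user) not in allowlist:
            findings.append((ts, host, user, name, RISKWARE_IMAGES[name]))
    return findings


if __name__ == "__main__":
    for finding in detect_scans(FLOWS):
        print("recon:", finding)
    for finding in detect_riskware(PROCESSES):
        print("riskware:", finding)
```

The thresholds are deliberately crude; in practice they would be tuned per network segment and combined with a baseline of which hosts normally run these tools, since the same binaries are what the report calls "legitimate applications" when an administrator launches them from a jump host.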

“Despite these increasingly well understood realities, our industry still has an unshakable obsession with malware. With the increasing incidence of successful data breaches and theft of company secrets, it’s clear that the conventional malware-focused security infrastructure is insufficient, and we must develop new techniques to find active attackers using their operational activities,” Matlof concludes.

LightCyber, a specialist in behavioural detection solutions, used its Magna platform to collect and analyse the results. The study covered organisations worldwide ranging from 1,000 up to 50,000 endpoints, in industries such as finance, technology, healthcare and telecommunications.
