Your biggest foe? Complacency
The sophistication of these multi-prong attacks requires cyber security teams to be even more vigilant than in the past. It’s critical to understand that data breaches, for all the attention they receive, represent only one piece of the current cyber crime landscape.
Cyber security teams should identify soft spots in their networks and areas that could be valuable to criminals. For example, last year we provided threat intelligence to Symantec’s incident response team during an engagement with a large organization that found a cryptominer installed on its network. It was stunning that the IT personnel were unconcerned. They did not believe criminals using their CPU processing to generate cryptocurrency represented a viable threat. However, the IT people became very interested when we explained that the presence of a cryptocurrency miner effectively represented a network intrusion and could be indicative of additional malware they were not aware of. Furthermore, the presence of the cryptocurrency miner could provide a much easier path for the attackers to regain access to their network in the future, and could potentially destabilize operations due to increased CPU usage.
In the current cyber crime environment, complacency is one of your biggest foes. If cyber security teams identify and effectively remediate a Trickbot infection on their network, they might breathe a sigh of relief that they have addressed the attack and can start determining whose banking credentials may have been compromised. However, given the number of customizable features of current Trickbot malware offerings, they might not realize Trickbot was also used to compromise their RDP servers.
It’s like going to a doctor for a headache and being given some aspirin, while the real problem might be that you need glasses – the headache may subside, but eventually your vision may become blurred. Symantec provides threat intelligence on the latest attacks that use malware in combination, so if you see one intrusion on your network you know you’d better pay extra attention to the other, related attacks.
By having a greater understanding of the threats, and the most recent threat intelligence, you can harden your network and develop training exercises to help your employees understand how to ward off these threats. You need to work extra hard to keep your network safe, because you’d better believe the Malware-as-a-Service vendors are working just as hard to keep their “customers” – the bad guys – ahead of the latest enterprise security advances.