The hacking tactics of cyber criminals have dramatically changed: they no longer use malware to infiltrate a network. Instead, hackers are resorting to compromised enterprise software to perpetrate their crimes.
This is what Dell’s security service Secureworks has found. Advanced cyber attacks at present are shunning the use of malware-based penetration when they try to steal data from their targets, be it a private company, government body or an individual user.
According to Dell’s findings, attackers are looking for compromised credentials to breach an enterprise network and take advantage of legitimate software products in order to hide their malicious activities once inside the victim’s network.
Such an attack is covert by nature, so companies' cyber defense systems will not detect the malicious activity. Most antivirus software used by private companies and organizations is designed to track and detect attacks by identifying the malware used. So when attackers no longer use malware for their illicit activity, it is hard to determine when an attack takes place.
Even the legit security tools used by companies can be turned against them once an attacker resorts to compromised accounts in order to gain full network access. The best way to prevent this is by analyzing the behavior of employees or peers to find abnormal patterns.
For instance, a cyber crook can seize control of a user’s credentials in order to log in to a network portal with full legitimacy. In the absence of two-factor authentication, the attacker will then be able to enter the network easily without the security department detecting the anomalous entry. The company's own legit software tools can then be used by the hackers to expand the compromise.
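The behavior analysis described above, as an added example that is not from Dell's research or the original article: a per-user baseline flags logins made with valid credentials that depart from the account's past activity. The record fields, tool names and threshold are assumptions, and all events are constructed.

```python
from collections import defaultdict

# Constructed records (not real logs): (time, user, source network, tool, second factor used)
HISTORY = [
    ("2015-08-03T09:02", "alice", "10.1.4.0/24", "vpn-portal", True),
    ("2015-08-04T08:57", "alice", "10.1.4.0/24", "mail", True),
    ("2015-08-03T10:15", "bob", "10.1.7.0/24", "vpn-portal", True),
    ("2015-08-05T14:40", "bob", "10.1.7.0/24", "av-console", True),
]
NEW_EVENTS = [
    ("2015-09-01T09:05", "alice", "10.1.4.0/24", "mail", True),
    ("2015-09-01T03:12", "alice", "203.0.113.0/24", "vpn-portal", False),
    ("2015-09-01T03:20", "alice", "203.0.113.0/24", "av-console", False),
    ("2015-09-01T11:00", "bob", "10.1.7.0/24", "av-console", True),
]

def build_baseline(history):
    """Per user: source networks, tools and hours of day seen in normal activity."""
    base = defaultdict(lambda: {"sources": set(), "tools": set(), "hours": set()})
    for ts, user, source, tool, _mfa in history:
        profile = base[user]
        profile["sources"].add(source)
        profile["tools"].add(tool)
        profile["hours"].add(int(ts[11:13]))
    return base

def deviations(event, baseline):
    """Return the ways one valid-credential event departs from the user's baseline."""
    ts, user, source, tool, mfa = event
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    if source not in profile["sources"]:
        reasons.append("new source network")
    if tool not in profile["tools"]:
        reasons.append("tool never used by this account")
    hour = int(ts[11:13])
    if all(abs(hour - h) > 2 for h in profile["hours"]):
        reasons.append("unusual hour")
    if not mfa:
        reasons.append("no second factor")
    return reasons

def flag(events, baseline, threshold=2):
    """Flag events with at least `threshold` deviations; one alone is often benign."""
    return [(e, r) for e in events if len(r := deviations(e, baseline)) >= threshold]
```

No malware signature is involved at any point: the two flagged events use a valid account and a legitimate administration tool, and stand out only against that account's own history.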
In other cases, the attackers can also push antivirus updates from a central management server in an attempt to spread malware to end users, thereby stealing credentials that let them log in to the network and spy on users' private activities.
This is, however, not a newfound technique. Nevertheless, it is worth pointing out that everybody should watch out for hackers who employ stolen usernames and passwords to infiltrate a network and manipulate administrator tools to hide their malicious activity.
Some users are also easy to lure into giving up their credentials to the wrong hands. For instance, some attackers pretend to be from the company's information security department while actually intending to attack the network, using various forms of disguise.