All Eyes on User Security as Cyber Criminals Up Their Game

October 9, 2012 Alex Woodie

In the cat and mouse game between security experts and cyber criminals, there is rarely a spare moment to catch one’s breath. Just as the good guys think they have all their bases covered, the hoodlums find another way to slither past defenses and into corporate networks. Keeping a watchful eye on end-user devices is especially critical today, in light of new forms of malware, like the RAT (remote access Trojans) and polymorphic viruses.

The FBI recently warned about an increase in blended attacks against banks in the United States. Perhaps you have received one of the phishing emails that look remarkably like legitimate emails sent by banking institutions. But you had best not click on those emails, because it is likely to install a RAT onto your computer. If you fall a little further into the criminal’s trap and are actually duped into entering your log-in information, then you could see your bank account wiped out.

Obviously, attacks on banks are nothing new. Banks will always attract thieves because “that’s where the money is,” as the notorious bank robber Willie Sutton put it.

But as the big banks shore up their defenses, cyber criminals are going down market and using their RAT-phishing attack against smaller regional banks and companies in other industries, says George Tubin, a senior security strategist for Trusteer, a security software firm based in Boston, Massachusetts.

Since it was founded six years ago, Trusteer has focused its efforts on helping protect banks. The company’s software is designed to prevent sophisticated malware from invading corporate IT systems. Its offerings complement traditional antivirus tools by closely watching the behavior of sensitive applications, as opposed to the traditional approach of looking for malware file signatures. Many of the largest U.S. banks use Trusteer’s protected-session technology to prevent unauthorized access to their applications, Tubin says.

But recently Trusteer began to focus on serving customers in other industries because that’s what the cyber criminals were doing. “The criminals were using very similar techniques and malware as they were using to go after bank customers to go after corporations, employees, and contractors for various companies,” Tubin says. “The criminals are using the same techniques, because they work. They’re in business to make money, and they’ve already got the low hanging fruit. So we’ve seen the cyber criminals moving from mega banks down to smaller banks” and to companies in other industries.

To hear Tubin, one gets the impression that the world’s e-commerce is a wide open field for cyber criminals, and that these opportunities are driving innovation in the computer crime industry.

Just as the legitimate IT industry has standardization, so too does the IT underworld. “A lot of these RATs are easy to get. You do a search on Google for ‘Poison Ivy,’ and you can download a RAT. Then all you have to do is get somebody to install it, which is usually easy enough to trick somebody into doing,” he says.

Cyber criminals are also struggling with “big data.” “We see in underground forums that criminals sell logs and parsing tools. They have loads and loads of data from people’s devices that are just sitting in log files that they just don’t have the bandwidth to deal with,” he says.

Polymorphic malware, in particular, is giving cyber criminals a powerful new tool to steal valuable data without triggering traditional defenses. “Polymorphic malware is designed to rewrite itself and morph into different file sizes, different file structures, and different file names, and to install itself in different places, so it’s very hard to identify using just signature-based technology,” Tubin says.

In August, Trusteer researchers discovered a new type of polymorphic malware that it named Tilon that has “great evasion capabilities. It injects itself into legitimate running processes, then erases the rest of its files so it’s only running in memory. And then before the system shuts down, it will sort of rewrite itself, rewrite the file that will execute [from disk] at startup so that it can come back to life again.”

The explosion of smartphones and tablets is only going to make the state of security even worse. Studies show that only a small fraction of users have any type of anti-malware software installed on their mobile devices, let alone advanced malware solutions like the kind offered by Trusteer. Businesses are under pressure to allow their employees to bring their devices to work. But security is compromised when those devices go home.

“It’s very easy for an employee, when off the network, to get some type of malware installed, have that malware capture credentials, then disappear,” Tubin says. “The traditional network security tools will never know that happened, and yet that employee’s credentials are now compromised.

“The problem is the network perimeter that we traditionally saw as the corporate network–the protection of the four walls–has changed. It’s no longer the network in that building. The network has now expanded out to the end points that are sitting outside the enterprise, so the more institutions are allowing employees to access the network remotely and access it from unmanned devices, whether it’s tablets or laptops or smart phones, the less the systems that are in place to protect the network can do their job.”

The Internet has never been a completely safe place, and it never will. Mobile devices are expected to outnumber PCs on the Web in the near future, and cyber criminals are practically salivating at the prospect. Unless companies and users take some kind of actions to keep their mobile devices safe in the face of changing threats, those fancy new iPhones will begin to resemble sitting ducks.

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Tags:

CYBER-ATTACKS ON THE RISE. PROTECT WITH THE TRIPLE PLAY.

COVID-19 has not only caused a global pandemic, but has sparked a “cyber pandemic” as well.

“Cybersecurity experts predict that in 2021, there will be a cyber-attack incident every 11 seconds. This is nearly twice what it was in 2019 (every 19 seconds), and four times the rate five years ago (every 40 seconds in 2016). It is expected that cybercrime will cost the global economy $6.1 trillion annually, making it the third-largest economy in the world, right behind those of the United States and China.”1

Protecting an organization’s data is not a single-faceted approach, and companies need to do everything they can to both proactively prevent an attempted attack and reactively respond to a successful attack.

UCG Technologies’ VAULT400 subscription defends IBM i and Intel systems against cyber-attacks through comprehensive protection with the Triple Play Protection – Cloud Backup, DRaaS, & Enterprise Cybersecurity Training.

Cyber-attacks become more sophisticated every day. The dramatic rise of the remote workforce has accelerated this trend as cyber criminals aggressively target company employees with online social engineering attacks. It is crucial that employees have proper training on what NOT to click on. Cyber threats and social engineering are constantly evolving and UCG’s Enterprise Cybersecurity Training (powered by KnowBe4) is designed to educate employees on the current cutting-edge cyber-attacks and how to reduce and eliminate them.

A company is only as strong as its weakest link and prevention is just part of the story. Organizations need to have a quick response and actionable plan to implement should their data become compromised. This is the role of cloud backup and disaster-recovery-as-a-service (DRaaS).

Data is a company’s most valuable asset. UCG’s VAULT400 Cloud Backup provides 256-bit encrypted backups to two (2) remote locations for safe retrieval should a cyber-attack occur. This is a necessary component of any protection strategy. Whether a single click on a malicious link brings down the Windows environment or an infected SQL server feeds the IBM i, once the data is compromised, there is no going back unless you have your data readily available.

Recovery is not a trivial task, especially when you factor in the time sensitive nature of restoring from an active attack. This leads to the third play of the Triple Play Protection – DRaaS. Companies have myriad concerns once an attack is realized and a managed service disaster recovery allows employees to keep focus on running the business in a crisis state.

The combination of training employees with secure backup and disaster recovery offers companies the best chance at avoiding financial disruption in an age of stronger, more frequent cyber-attacks.

Reach out to UCG Technologies to discuss your company’s security needs and develop a data protection plan that fits you best.

ucgtechnologies.com/triple-play

800.211.8798 | info@ucgtechnologies.com