A depressing new report by security firm LightCyber opines that hackers are using cyber weapons, rather than malware, to evade detection when deploying attacks against IT systems. In fact, the report says that once cybercriminals have used malware to get into a system, they switch to sophisticated tools and cyber weapons to compromise the network and exfiltrate data.
Although malware is used to intrude into the system, it is not used in the active phase of an attack. Once hackers have used malware to get in, they use other tools to gain control of the compromised machine and expand their access throughout the network, taking over more of the victim company's machines and data.
According to the report, once the hackers have gained access, 99 percent of “internal network reconnaissance and lateral movement” within the system originates from legitimate applications, such as scanners and riskware, used to reach data and move throughout the network. This is how the hackers are able to keep undetected access to a system for months, or even years. It also lets the attackers retain access even after the malware is removed. Sigh.
Even more depressing is LightCyber's conclusion that the hackers are exploiting Chrome, Internet Explorer and Firefox for command-and-control activity once they have successfully used malware to get into the system. Another disappointing conclusion of the report is that malware detection tools are “almost entirely fruitless” once access has been gained.
So now what? According to the report, the final conclusion is: “[T]o thwart attacks, organizations need to effectively monitor the entire ‘attack kill chain.’ By implementing defense-in-depth based on detecting anomalous attack behavior as well as enforcing perimeter and endpoint prevention, organizations can stop the attacker at any stage of an attack and make sure that if one safeguard fails, another one can prevent a costly breach.” Bottom line? It is important to implement tools that detect not only malware but also the other tools that give hackers access into, and movement throughout, an IT system.
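As an added illustration (not code from the report or from LightCyber) of the “anomalous attack behavior” detection the report recommends: a small detector over constructed internal connection logs that flags a workstation touching an unusual number of distinct internal hosts on remote-admin and file-sharing ports within a short window, which is what reconnaissance with a legitimate scanner looks like on the wire. The host names, log format, port list and thresholds are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (timestamp, source host, destination host, dest port).
# These lines are made up for this example and are not data from the report.
SAMPLE_LOG = """\
2016-06-01T09:00:01 ws-017 fs-01 445
2016-06-01T09:00:03 ws-017 srv-mail 443
2016-06-01T09:02:10 ws-042 fs-01 445
2016-06-01T09:02:11 ws-042 fs-02 445
2016-06-01T09:02:12 ws-042 fs-03 445
2016-06-01T09:02:13 ws-042 db-01 3389
2016-06-01T09:02:14 ws-042 db-02 3389
2016-06-01T09:02:15 ws-042 app-01 22
2016-06-01T09:02:16 ws-042 app-02 22
2016-06-01T09:02:17 ws-042 app-03 445
2016-06-01T09:02:18 ws-042 app-04 445
2016-06-01T10:30:00 ws-017 fs-02 445
"""

# Ports a legitimate admin tool or scanner would touch during host discovery (assumed list).
ADMIN_PORTS = {22, 135, 139, 445, 3389, 5985}

def parse_log(text):
    """Parse the whitespace-separated log into (timestamp, src, dst, port) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return events

def find_recon_hosts(events, window=timedelta(minutes=5), min_targets=8):
    """Return {src: distinct_target_count} for sources that reached at least
    `min_targets` distinct hosts on admin ports within any `window`-long span."""
    by_src = defaultdict(list)
    for ts, src, dst, port in events:
        if port in ADMIN_PORTS:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, conns in by_src.items():
        conns.sort()  # sliding window over time-ordered connections
        for i, (start, _) in enumerate(conns):
            targets = {d for t, d in conns[i:] if t - start <= window}
            if len(targets) >= min_targets:
                flagged[src] = max(flagged.get(src, 0), len(targets))
    return flagged

if __name__ == "__main__":
    print(find_recon_hosts(parse_log(SAMPLE_LOG)))  # {'ws-042': 9}
```

ws-017 makes two normal file-server connections an hour apart and is not flagged; ws-042 sweeps nine hosts in ten seconds and is, without any malware signature being involved.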