Cybercriminals often misuse legitimate tools in their attacks: Report


New Delhi, Aug 7 (IANS): Cybercriminals widely use software developed for normal user activity, administrator tasks and system diagnostics to avoid getting caught quickly after carrying out their attacks, warns a new report by cybersecurity firm Kaspersky.

Almost a third of cyber attacks that the Kaspersky Global Emergency Response team investigated in 2019 involved legitimate remote management and administration tools.

In total, the analysis of anonymised data from incident response cases showed that 18 different legitimate tools were abused by attackers for malicious purposes, according to the company's new 'Incident Response Analytics Report'.

The most widely used one was PowerShell. This powerful administration tool can be used for many purposes, from gathering information to running malware.

Another tool, PsExec, was leveraged in 22 per cent of the attacks. This console application is intended for launching processes on remote endpoints.

This was followed by SoftPerfect Network Scanner, which is intended to retrieve information about network environments.

It is more difficult for security solutions to detect attacks conducted with legitimate tools, because the same actions could equally be part of a planned cybercrime operation or a routine system administrator task.

"With these tools, attackers can gather information about corporate networks and then conduct lateral movement, change software and hardware settings or even carry out some form of malicious action," Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky, said in a statement.

"It is not possible to exclude these tools for many reasons, however, properly deployed logging and monitoring systems will help to detect suspicious activity in the network and complex attacks at earlier stages," Sapronov said.

To minimise the chances of remote management software being used to penetrate an infrastructure, organisations should restrict access to remote management tools from external IP addresses, the company recommended.

Moreover, they need to ensure that remote control interfaces can only be accessed from a limited number of endpoints, enforce a strict password policy for all IT systems and deploy multi-factor authentication, Kaspersky said.

It is better to follow the principle of granting staff only limited privileges, and to give highly privileged accounts only to those who need them to fulfil their job.
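The report's point is that the same tool can be routine administration or an attack depending on who runs it and from where, which is why it recommends logging and monitoring plus a small allow-list of endpoints and accounts permitted to use remote-administration tooling. The following script is an added example written for this page (not code from Kaspersky or the article) that applies those two ideas to Windows event records: it flags PsExec's service installation on a target host, PsExec or PowerShell launches with hidden or encoded command lines, and administration tooling used outside the approved scope. The log records are constructed, the field names are a simplified schema rather than the exact Windows event field names, and the `ADMIN_HOSTS` and `ADMIN_ACCOUNTS` allow-lists are hypothetical placeholders.

```python
"""Flag abuse of legitimate admin tools (PsExec, PowerShell) in Windows event records.

Added example for illustration; the log lines, allow-lists and field names are
constructed for this script and are not taken from the report.
"""
import json
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical allow-lists: the few endpoints and accounts permitted to run
# remote-administration tooling (the report's "limited number of endpoints").
ADMIN_HOSTS = {"ADMIN-WS01", "ADMIN-WS02"}
ADMIN_ACCOUNTS = {"CORP\\it-admin"}

# PsExec installs a helper service with this default name on the target host.
PSEXEC_SERVICE = "PSEXESVC"
# Process images that count as remote-administration tooling for this example.
ADMIN_TOOL_IMAGES = ("psexec.exe", "psexec64.exe", "powershell.exe", "pwsh.exe")
# PowerShell started hidden or with an encoded command line is worth a closer look
# regardless of who ran it.
SUSPICIOUS_PS_FLAGS = re.compile(r"-(enc\w*|w(indowstyle)?\s+hidden)", re.IGNORECASE)

# Constructed sample records (JSON lines, simplified schema): a 7045 service-install
# event on two target hosts and three 4688 process-creation events.
SAMPLE_LOG = r"""
{"event_id": 7045, "host": "FILESRV01", "service_name": "PSEXESVC", "user": "CORP\\it-admin"}
{"event_id": 7045, "host": "HR-PC17", "service_name": "PSEXESVC", "user": "CORP\\jdoe"}
{"event_id": 4688, "host": "HR-PC03", "user": "CORP\\jdoe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "command_line": "powershell.exe -nop -w hidden -enc QUJDREVGRw=="}
{"event_id": 4688, "host": "ADMIN-WS02", "user": "CORP\\it-admin", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "command_line": "powershell.exe -File C:\\scripts\\inventory.ps1"}
{"event_id": 4688, "host": "HR-PC03", "user": "CORP\\jdoe", "image": "C:\\Users\\jdoe\\Downloads\\PsExec64.exe", "command_line": "PsExec64.exe \\\\HR-PC17 cmd.exe"}
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    host: str
    user: str
    severity: str  # "high" when the activity falls outside the allow-lists
    detail: str


def check_record(rec: dict) -> Optional[Finding]:
    """Return a Finding for one event record, or None if it looks like routine use."""
    eid = rec.get("event_id")
    host, user = rec.get("host", "?"), rec.get("user", "?")

    if eid == 7045 and rec.get("service_name", "").upper() == PSEXEC_SERVICE:
        # Seen on the *target* of PsExec; only the account tells us whether it was expected.
        sev = "info" if user in ADMIN_ACCOUNTS else "high"
        return Finding("psexec_service_installed", host, user, sev,
                       f"service {PSEXEC_SERVICE} installed")

    if eid == 4688:
        image = rec.get("image", "").rsplit("\\", 1)[-1].lower()
        cmd = rec.get("command_line", "")
        if image not in ADMIN_TOOL_IMAGES:
            return None
        in_scope = host in ADMIN_HOSTS and user in ADMIN_ACCOUNTS
        if image.startswith("psexec"):
            return Finding("psexec_launched", host, user,
                           "info" if in_scope else "high", cmd)
        if SUSPICIOUS_PS_FLAGS.search(cmd):
            return Finding("powershell_hidden_or_encoded", host, user, "high", cmd)
        if not in_scope:
            return Finding("powershell_outside_admin_scope", host, user, "medium", cmd)
    return None


def analyze(log_text: str) -> list:
    """Parse JSON-lines event records and collect findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        finding = check_record(json.loads(line))
        if finding:
            findings.append(finding)
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'info': 1, 'high': 3}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:4}] {f.rule:30} host={f.host} user={f.user} :: {f.detail}")
    print(summarize(results))
```

Run against the constructed records, the PsExec service install by the approved administrator is reported at "info" severity while the same event triggered by an ordinary user account, the hidden and encoded PowerShell launch, and the PsExec run from a non-admin workstation are all reported as "high". The plain PowerShell script run from an approved admin host produces no finding at all, which is the point of pairing detection with an allow-list rather than blocking the tools outright.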
