Risk Level: MODERATE
Method of entry:
Small Application / script payload / website link / email or spam
How it works:
Small every changing random payload scripts are carried in and quietly usually on the back of an email, usb file, freeware program, facebook looking invites, shared movie files, shared audio torrents etc.
Method of deployment:
Slow deployment will not replicate itself and send off warning signals. Instead it sits quietly in its random form listing, learning, keying every website and keystroke. Eventually the most complex can initiate simple web sessions and “post” the data in the background using open web ports to the hackers servers. From there data is sourced and filtered, used and sold depending on the quality.
Desktops and Laptops contain user logon information to what matters; Data, bank information, credit information, identity. Hackers know this and realize the complexity of network hacks becomes difficult. Hackers are like electricity….they date the path of least resistance, and right now it seems the end-point is the place. Why try to hack through huge defenses, when you can ride in and learn all the passwords through an unprotected trusted employee?
Who is doing it:
Out of country hackers primarily, open source software. Thousands of faceless hackers work to develop and implement cross border attacks as enforceability is non-existent.
Why it can be a substantial threat:
It’s not defended using traditional methods of black list AV and malware. Anti technologies must first identify a “match” before it can block a threat. What if the threat keeps changing, keeps morphing, and randomizes?
How to mitigate:
The trillion dollar question is how to mitigate. Ironic that’s the kind of numbers in loss we are talking about if not handled. Impact on every organization is significant and should be top of mind. Technical Recommendations – We recommend software that limits payload deployment. Identifying what payloads or applications can run via a whitelist is a safe layer of defense as most other randomly created threats and applications fly right through AV. Executable white listing is simple and easy managed from a simple server software.