February 19, 2014 By John D. Johnson 2 min read

All Hands to Battle Stations! The Enterprise is Under Attack!

No, this is not the start of a sci-fi story; it is the reality that enterprise IT security defenders face in 2014. Attackers are waging an asymmetric battle for our networks, assets and data, and their attacks are increasing in sophistication, velocity and volume. Meanwhile, IT systems are becoming more complex, enterprise resources extend beyond the traditional perimeter, and enterprise data is used in social media and cloud services and stored in the cloud and on mobile devices. Suppliers and contractors remotely access enterprise networks and resources by VPN and virtual desktops. We truly have our work cut out for us.

Advanced threats pose a significant risk once they gain a foothold in the enterprise. Recent attacks against retail giants like Target and Neiman Marcus demonstrate that even companies with leading security controls, certified as PCI compliant, are at risk. Remote access abuse, credential abuse and malware are on the increase, which calls for improved diligence by security defenders. The traditional approach has been to look for signatures of malware or of an attack so that it can be blocked: anti-malware, intrusion detection and vulnerability management all focus on known malicious behavior. The bulk of attacks today are based on 0-day exploits and undiscovered vulnerabilities. In many cases, the attack vector leverages software that is not quickly patched, or that cannot be patched for fear of breaking enterprise applications. Examples are PDF files, Java and Office file formats.

Like a game of chess, there are many possible moves, but there are certain stages in the threat lifecycle where the attacker has fewer options. These are strategic chokepoints: the point where malicious code seeks to exploit a system, and the point where it attempts to establish a connection to a command and control channel. Trusteer Apex applies this knowledge to break the exploit chain and prevent compromise on endpoints.
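The second chokepoint above, the command and control connection, is also where a defender's own telemetry can be applied. The following is an added example, not code from this post or from Trusteer Apex: a small detection that reads constructed egress log lines (the format `timestamp src_host dst_host bytes`, the host names and the 203.0.113.7 destination are all invented for the example) and flags host/destination pairs whose connections recur at a nearly constant interval, the low-jitter callback pattern typical of C2 beaconing.

```python
# Added example: surfacing the command-and-control chokepoint in egress logs.
# Hypothetical SOC detection over constructed sample data; not Trusteer Apex code.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample egress/proxy log: "timestamp src_host dst_host bytes".
# ws-101 calls back to 203.0.113.7 roughly every five minutes (the beacon);
# the other entries are irregular browsing and mail traffic (the noise).
SAMPLE_LOG = """\
2014-02-19T08:00:00 ws-101 203.0.113.7 2410
2014-02-19T08:00:03 ws-101 cdn.example.test 81200
2014-02-19T08:05:02 ws-101 203.0.113.7 2398
2014-02-19T08:07:41 ws-101 mail.example-corp.test 5200
2014-02-19T08:09:58 ws-101 203.0.113.7 2405
2014-02-19T08:15:01 ws-101 203.0.113.7 2411
2014-02-19T08:20:00 ws-101 203.0.113.7 2390
2014-02-19T08:01:10 ws-202 cdn.example.test 77013
2014-02-19T08:09:55 ws-202 cdn.example.test 90122
2014-02-19T08:33:02 ws-202 cdn.example.test 1200
2014-02-19T08:34:00 ws-202 cdn.example.test 64010
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def find_beacons(events, min_hits=4, max_jitter=0.15):
    """Return {(src, dst): mean_interval_seconds} for pairs whose connection
    intervals are nearly constant (coefficient of variation <= max_jitter).

    Regular, low-jitter callbacks are a classic C2 indicator, but legitimate
    software updaters can look the same, so treat the result as a review
    queue for an analyst rather than a verdict.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)

    flagged = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:          # too few connections to judge regularity
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[pair] = avg
    return flagged


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: regular callback every {interval:.0f}s, review")
```

In the sample, ws-101's contacts with 203.0.113.7 are 302, 296, 303 and 299 seconds apart (mean 300 s, jitter well under 15 percent) and are flagged; ws-202's four CDN fetches are spread across gaps of 525, 1387 and 58 seconds and are not. Lowering `min_hits` catches shorter-lived beacons at the cost of more false positives from the noise.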

Defending like an attacker

In the recent Target breach and in other high-profile attacks, both remote access connections and privileged credentials have been leveraged and abused. Trusteer Apex protects corporate credentials against reuse on other websites and against keystroke logging by malware. When suppliers and contractors connect to the enterprise remotely, their computers are in an unknown state: they may not be patched and secure, and there is a good likelihood that some of these systems are already compromised. Applying Trusteer Apex to remote access from non-corporate assets adds an important layer of security to address this gap. A key additional factor in the selection of Trusteer Apex was the ease of deployment and management, especially when dealing with non-corporate assets. Because Trusteer Apex has been adopted by large financial institutions with up to millions of customers, we recognized that this solution would require a low level of support.
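To make the credential-reuse protection mentioned above concrete, here is an added example of one way an endpoint-side check of that kind can be built. It is not Trusteer Apex's implementation and the post does not describe that product's internals; the domain list, the `enroll` and `check_submission` functions and the sample passwords are all assumptions made for the example. The idea is that the agent never keeps the corporate password itself, only an HMAC of it under a per-device key, and compares that fingerprint against whatever is submitted to a login form on a domain outside the corporate list.

```python
# Added example: flagging reuse of a corporate password on a non-corporate site.
# Hypothetical endpoint-side check with constructed data; not Trusteer Apex code.
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed: domains where submitting the corporate password is expected.
CORPORATE_DOMAINS = {"sso.example-corp.test", "mail.example-corp.test"}


@dataclass(frozen=True)
class CredentialFingerprint:
    """Only an HMAC of the corporate password, keyed per device, is stored.

    The plaintext never needs to be kept, but key and digest together still
    allow offline guessing, so the store itself must be protected (and a slow
    KDF in place of plain HMAC-SHA256 would raise that guessing cost further).
    """
    device_key: bytes
    digest: bytes


def enroll(password: str, device_key: Optional[bytes] = None) -> CredentialFingerprint:
    """Register the corporate password once, keeping only its keyed fingerprint."""
    key = device_key if device_key is not None else os.urandom(32)
    digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
    return CredentialFingerprint(key, digest)


def check_submission(fp: CredentialFingerprint, domain: str, password: str) -> str:
    """Classify a form submission observed by the endpoint agent.

    Returns 'ok' when the corporate password goes to a corporate domain,
    'reuse' when that same password is sent anywhere else, and 'other' when
    the submitted password is not the corporate one (nothing to report).
    """
    candidate = hmac.new(fp.device_key, password.encode("utf-8"), hashlib.sha256).digest()
    if not hmac.compare_digest(candidate, fp.digest):   # constant-time comparison
        return "other"
    return "ok" if domain.lower() in CORPORATE_DOMAINS else "reuse"


if __name__ == "__main__":
    fp = enroll("Corr3ct-Horse-Battery")               # constructed sample password
    for domain, pw in [("sso.example-corp.test", "Corr3ct-Horse-Battery"),
                       ("forum.example-social.test", "Corr3ct-Horse-Battery"),
                       ("forum.example-social.test", "unrelated-password")]:
        print(f"{domain}: {check_submission(fp, domain, pw)}")
```

A 'reuse' result is the event an agent would report or block: the user has just typed the enterprise password into a site the enterprise does not control, which is exactly the exposure that makes later credential abuse possible.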

Defenders need to think like attackers. As corporate strategy moves to adopt consumer technologies to grow and compete globally, and as the threat landscape becomes more aggressive, it is more important than ever to develop a risk-based, layered security strategy to defend against sophisticated adversaries. Trusteer Apex addresses key gaps in traditional endpoint and network security controls. It is a key piece of an enterprise IT security strategy for advanced threat protection.
