What You Should Know to Avoid Advanced Malware Hacks
Advanced malware hacks (also known as advanced persistent threat or APT) have been all the rage lately. Such targeted attacks are highly sophisticated and extremely difficult to detect — that is, unless you have the proper controls and the network and/or host layers.
There was once a project where a large enterprise was targeted by a Nation State (presumably because of the line of work the enterprise was in) and ended up having over 10,000 Windows servers and workstations infected by malware.
The enterprise’s big box antivirus software was none the wiser. The project turned out to be an extensive exercise in incident response and forensics. The infection was traced back to a phishing attack that subsequently spread to all the systems while, at the same time, installing password-cracking tools to attempt to crack the local SAM file on each Windows machine.
This advanced malware infection is just one of countless examples of new advanced malware that most organizations are not prepared to prevent. The obvious solution to prevent such attacks is to keep users from clicking malicious links and preventing malware from being “dropped” onto the system. That’s tough, if not impossible, to prevent.
The next best thing is to use technology to your advantage. Advanced malware monitoring and threat protection tools such as Damballa Failsafe, Next-Generation IPSs such as what’s offered by Sourcefire, and whitelisting technologies such as Bit9’s Parity Suite that helps protect the host are a great way to fight this threat.
The bottom line: Don’t underestimate the risk and power of targeted malware attacks.