


The malware threat landscape has changed. How agile is your defence, and how can you detect whether malware used in a targeted attack is present on your network?

Over the years the use of malware has changed dramatically, ranging from programmers exploring the malicious possibilities of their code, and copycats trying to combine code snippets, through to organised crime and governments using custom-made malware for their own purposes. Where financial gain is the main motivator for cybercrime, it seems that espionage, i.e. the hunger for secrets and intellectual property, is significantly on the rise. Examples include Operation Aurora, Night Dragon and, recently, Shady RAT. These investigations started with the detection of unknown, customised malware hiding on corporate networks and ended in large investigations into data loss.

Almost all organisations today need or use Internet and email connectivity. All companies connected to the Internet have Intellectual Property (IP), Personally Identifiable Information (PII) or other sensitive data stored or used in their systems, and are therefore potential targets for criminals. So how is it possible that this malware went undetected?

Many companies have their network defence technology, such as a firewall, poorly configured for monitoring outgoing traffic for suspicious patterns. This means that the network ports for Internet traffic, DNS and email are open to at least part of the network, or in some cases directly to the desktop, without any filtering or layered defence. Malware authors know how business operates and use these channels to infect systems or to create a backdoor that allows communication with Command and Control servers, or with sites that host multiple malware samples. Those organisations that do monitor outgoing Internet traffic mainly monitor and filter based on categories, but what if the malware tunnels Internet Relay Chat (IRC) traffic over HTTP, or uses encrypted URLs?
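As an added illustration of the egress gap described above (this is not code from the original article), the following Python runs three checks over constructed egress log lines: IRC protocol commands seen on an ordinary web port, plain IRC to its standard ports, and web-class connections that never touched the proxy. The log format, the proxy address and the IRC command list are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample egress log (not from the article). Fields:
# timestamp src_ip dst_ip dst_port category first-bytes-of-payload
SAMPLE_LOG = """\
2011-09-01T10:00:01 10.1.1.20 10.1.1.5 3128 web GET http://example.test/ HTTP/1.1
2011-09-01T10:00:05 10.1.1.21 203.0.113.44 80 web NICK bot3921
2011-09-01T10:00:05 10.1.1.21 203.0.113.44 80 web USER bot 0 * :bot
2011-09-01T10:00:06 10.1.1.21 203.0.113.44 80 web JOIN #c2
2011-09-01T10:01:10 10.1.1.22 198.51.100.7 6667 unknown NICK wks22
2011-09-01T10:02:00 10.1.1.23 203.0.113.9 80 web GET /update.bin HTTP/1.1
"""

PROXY_IP = "10.1.1.5"          # assumed: the only sanctioned path for web traffic
IRC_PORTS = {6667, 6697}       # assumed: standard plain/TLS IRC ports
IRC_COMMAND = re.compile(r"^(NICK|USER|JOIN|PRIVMSG|PING|PONG)\b")

def parse_line(line):
    """Split one log line into its fields; the payload may itself contain spaces."""
    ts, src, dst, port, category, payload = line.split(" ", 5)
    return {"ts": ts, "src": src, "dst": dst, "port": int(port),
            "category": category, "payload": payload}

def analyse(log_text, proxy_ip=PROXY_IP):
    """Return {src_ip: set(reasons)} for hosts whose outbound traffic looks suspicious."""
    findings = defaultdict(set)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        irc_like = bool(IRC_COMMAND.match(rec["payload"]))
        # 1. IRC protocol on a port the category filter treats as ordinary web traffic
        if irc_like and rec["port"] not in IRC_PORTS:
            findings[rec["src"]].add("irc-over-http-port")
        # 2. IRC to a real IRC port: categorised 'unknown', so a category filter lets it pass
        if rec["port"] in IRC_PORTS:
            findings[rec["src"]].add("direct-irc")
        # 3. Web-class traffic that did not go through the proxy: the desktop has direct egress
        if rec["category"] == "web" and rec["dst"] != proxy_ip:
            findings[rec["src"]].add("direct-egress-bypassing-proxy")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in sorted(analyse(SAMPLE_LOG).items()):
        print(host, sorted(reasons))
```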
