Firewalls and anti-malware are an important part of every CISO’s defence strategy, but they aren’t the only weapons that are needed. That’s because increasingly attackers aren’t using malware at all.
Proof is in a recent analysis of attacks by Dell SecureWorks’ incidence response team. According to a news report, nearly all the intrusions studied rarely used malware to avoid detection. Instead they gained access to an employee’s credentials through normal means like a phishing attack, then once inside use administrator tools to steal more credentials and help exfiltrate data.
The report again shows the importance of making sure all IT users are security-aware, to limit access to sensitive data, to increase the use of two-factor authentication across the enterprise and make sure particularly those who do have access to sensitive data are wary of what’s going on.
In one case Dell investigated, attackers accessed a server that sent software security updates to all the endpoints in the company. But instead of patching the systems, the platform was used to obtain additional credentials.
A Dell official also suggests user behavior software can also help spot suspicious activity.