BEST OF THE WEB

Looking for malware on your network? That may be the wrong strategy

Firewalls and anti-malware are an important part of every CISO’s defence strategy, but they aren’t the only weapons that are needed. That’s because increasingly attackers aren’t using malware at all.

Proof is in a recent analysis of attacks by Dell SecureWorks’ incidence response team. According to a news report, nearly all the intrusions studied rarely used malware to avoid detection. Instead they gained access to an employee’s credentials through normal means like a phishing attack, then once inside use administrator tools to steal more credentials and help exfiltrate data.

The report again shows the importance of making sure all IT users are security-aware, to limit access to sensitive data, to increase the use of two-factor authentication across the enterprise and make sure particularly those who do have access to sensitive data are wary of what’s going on.

In one case Dell investigated, attackers accessed a server that sent software security updates to all the endpoints in the company. But instead of patching the systems, the platform was used to obtain additional credentials.

A Dell official also suggests user behavior software can also help spot suspicious activity.

Read the full story here

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web