Your next cyberattack crisis may involve no malware at all
We talk about the dangers of malware variants a lot on Bytagig, and for good reason. Malware and ransomware wreak havoc on systems, networks, and digital infrastructure once an infection takes hold. Recovering a damaged environment can take days (or even weeks), costing businesses thousands. But here’s a thought: what about cyberattacks that use no malware at all?
It’s cause for alarm, because good cybersecurity defense depends on detection, analysis, and network visibility. Attacks that never drop a malicious file therefore create a new defense problem. The spread of remote-access tools such as AnyDesk, which let a system be controlled from a distance, gives hackers and attack groups a ready way to take over a user’s machine using legitimate software. Once in control of those assets, they typically move on to harvesting data, escalating to administrator privileges, and damaging the network in question.
Some attackers create new user accounts on a compromised network and exfiltrate information through them. Others try to “sync” a company cloud tenant with one they control, draining valuable data. These methods are subtle and leave few of the usual digital footprints: there is no malicious code on disk for signature-based endpoint tools to find. They do still produce records (logons, account changes, remote-access sessions) in logs, and that is where they have to be caught.
Attackers rely on stolen credentials to get into a network in the first place. Protecting credentials from theft is therefore a priority for mitigating malware-free cyberattacks.
More on malware-free attacks
Leaving no malicious file behind and using methods that evade monitoring tools like anti-virus software is valuable for malicious actors. Again, the primary goal is to steal credentials, rather than to write a payload to a specific device or infect systems with malware.
Preventing credential theft means identifying the methods by which attackers steal login information. It comes back to social engineering and phishing campaigns.
How attackers deploy their phishing varies, but most impersonate a trusted contact and ask for privileged information. Once they have it, how they “interact” with the network reveals what they’re after and what they can steal. To protect their networks, SMBs and other organizations should do a few things:
- Check whether accounts, passwords, and logins have already been exposed in other breaches, since attackers reuse leaked credentials to bypass security
- Watch for unusual behavior, such as administrative requests to access privileged data
- Watch for the sudden creation of new user accounts on the network
- Watch for contact attempts from sources that merely appear legitimate
- Watch for duplicate or multiple instances of the same software tools, particularly remote-access tools
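Three of the indicators above (new accounts, new accounts being granted administrator rights, and the same remote-access tool launched repeatedly) can be checked mechanically from the logs that a malware-free intrusion still generates. The script below is an added example for this article, not Bytagig’s code. The event records are constructed, and the field names, the Windows Security event IDs used as labels (4624 logon, 4720 user created, 4732 member added to a local group) and the Sysmon-style process-create ID 1 are assumptions for illustration.

```python
"""Flag indicators of a malware-free intrusion in authentication and process events.

Added example for this article, not Bytagig's code. The event records are
constructed; the field names and the Windows Security event IDs used as
labels (4624 logon, 4720 user created, 4732 member added to a local group)
and the Sysmon-style process-create ID 1 are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Remote-access tools whose duplicate launches are worth a look (assumed list).
REMOTE_TOOLS = {"anydesk.exe", "teamviewer.exe", "screenconnect.clientservice.exe"}

# Constructed sample events, already normalised into dicts (not real telemetry).
EVENTS = [
    {"ts": "2024-03-01T02:14:00", "host": "FS01", "event_id": 4624, "user": "jdoe", "logon_type": 10},
    {"ts": "2024-03-01T02:15:30", "host": "FS01", "event_id": 4720, "user": "jdoe", "target": "svc_backup2"},
    {"ts": "2024-03-01T02:16:05", "host": "FS01", "event_id": 4732, "user": "jdoe", "target": "svc_backup2", "group": "Administrators"},
    {"ts": "2024-03-01T02:17:00", "host": "FS01", "event_id": 1, "user": "jdoe", "image": "C:\\Program Files\\AnyDesk\\AnyDesk.exe"},
    {"ts": "2024-03-01T02:17:20", "host": "FS01", "event_id": 1, "user": "jdoe", "image": "C:\\Program Files\\AnyDesk\\AnyDesk.exe"},
    {"ts": "2024-03-01T09:02:00", "host": "WS14", "event_id": 1, "user": "amy", "image": "C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE"},
]


def _when(ev):
    return datetime.fromisoformat(ev["ts"])


def _basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events, window=timedelta(minutes=10), business_hours=(7, 19)):
    """Return a list of alert dicts. Three rules, matching the indicators above:
    1. a new account created outside business hours;
    2. a new account added to Administrators within `window` of its creation;
    3. the same remote-access tool launched more than once on a host within `window`.
    """
    alerts = []
    created = {}                      # (host, account) -> creation time
    tool_starts = defaultdict(list)   # (host, tool) -> recent launch times

    for ev in sorted(events, key=_when):
        t = _when(ev)
        eid = ev["event_id"]

        if eid == 4720:
            created[(ev["host"], ev["target"])] = t
            if not business_hours[0] <= t.hour < business_hours[1]:
                alerts.append({"rule": "new_user_off_hours", "host": ev["host"],
                               "actor": ev["user"], "detail": f"{ev['target']} created at {t.time()}"})

        elif eid == 4732 and ev.get("group") == "Administrators":
            made = created.get((ev["host"], ev["target"]))
            if made is not None and t - made <= window:
                alerts.append({"rule": "new_user_promoted", "host": ev["host"],
                               "actor": ev["user"],
                               "detail": f"{ev['target']} -> Administrators {t - made} after creation"})

        elif eid == 1 and _basename(ev.get("image", "")) in REMOTE_TOOLS:
            key = (ev["host"], _basename(ev["image"]))
            # keep only launches inside the window, then add this one
            recent = [s for s in tool_starts[key] if t - s <= window] + [t]
            tool_starts[key] = recent
            if len(recent) > 1:
                alerts.append({"rule": "remote_tool_duplicate", "host": ev["host"],
                               "actor": ev["user"], "detail": f"{key[1]} started {len(recent)}x in {window}"})
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a["rule"], a["host"], a["actor"], a["detail"])
```

On the constructed events the script raises three alerts, all on FS01 and all traceable to an ordinary, signed remote-access client and built-in account tooling: nothing here would trip a file-based scanner. The rules are deliberately narrow (a time window, a specific group) so they produce meaningful pings rather than noise.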
Why it’s difficult to counter
In IT and cybersecurity there’s an abundance of automated tools to detect, flag, and stop malicious activity. While useful, relying on them alone loses the human element, and catching malware-free attacks is difficult without it. Since signature-based software won’t flag these attacks on its own, alternative methods such as log review and behavioral alerting need to be used.
Developing a healthy cybersecurity culture is one way to do this. Additionally, understanding that attackers use legitimate software and tools to execute these attacks gives insight into their strategies. A network is only as strong as its least-prepared worker, so educating your organization on the key points of malware-free attacks will help build a stronger defense. This is especially the case if you rely on remote-working resources.
So, how can you establish a strong, vigilant cybersecurity culture? Every organization is different, but there are key fundamentals to always follow.
For example, if a user spots something that seems suspicious, what do they do? How do they report it? And how do they know what counts as suspicious in the first place? There’s a big difference between false alarms (which will ultimately overwhelm your IT team) and meaningful pings.
You can set up a network “DMZ”, a separate segment that sits between external connections (such as remote-access sessions) and the organization’s internal network. Configure that segment to permit little or no traffic beyond authentication, so any behavior outside that allow-list creates a “flag” scenario. It’s a useful blank slate for catching malicious behavior precisely because attackers are not deploying malware: what stands out is traffic and logons that shouldn’t be there. While it does not guarantee you will stop every malware-free attack, it puts a barrier between you and threat actors and lets you track and identify the behaviors associated with attacks, granting insight into their methods.
Create a strong support network
Management and staff need a strong set of tools to identify and report potential threats. It’s the same guiding principle behind zero-trust policies and multifactor authentication: don’t rely on a single point of control. Education and resources mean a whole team is watching for unusual trends, versus a single IT staff member who also has other responsibilities to manage.
It’s also important to maintain IAM (identity and access management). Everything involved in a malware-free attack turns on identity: who holds which privileges and what information they can reach. Setting barriers and alerts that fire on any deviation from a user’s normal behavior helps detect when an attacker is operating under a legitimate account.
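Both the allow-listed DMZ segment described above and the IAM behavioral alerting come down to the same mechanism: define what is expected and flag anything else. The script below is an added example for this article, not Bytagig’s code. The zone policy, the flow records and the logon history are all constructed, and the zone name, addresses, ports and user names are assumptions for illustration.

```python
"""Allow-list a remote-access zone and baseline identity behaviour.

Added example for this article, not Bytagig's code. The zone policy, the
flow records and the logon history are all constructed; the zone name,
addresses, ports and user names are assumptions for illustration.
"""
from collections import defaultdict

ZONE = "remote-access-dmz"

# Expected traffic from the zone: (protocol, destination, port). Anything else is a flag.
ZONE_ALLOW = {
    ("tcp", "10.10.0.5", 443),   # identity gateway / MFA (hypothetical address)
    ("udp", "10.10.0.2", 53),    # DNS resolver (hypothetical address)
}

# Constructed NetFlow-style records.
FLOWS = [
    {"zone": ZONE, "src": "10.10.0.50", "proto": "tcp", "dst": "10.10.0.5", "dport": 443},
    {"zone": ZONE, "src": "10.10.0.50", "proto": "udp", "dst": "10.10.0.2", "dport": 53},
    {"zone": ZONE, "src": "10.10.0.50", "proto": "tcp", "dst": "192.168.1.20", "dport": 445},   # SMB into the LAN
    {"zone": ZONE, "src": "10.10.0.51", "proto": "tcp", "dst": "198.51.100.9", "dport": 443},   # unexpected outbound
    {"zone": "lan", "src": "192.168.1.33", "proto": "tcp", "dst": "192.168.1.20", "dport": 445},  # not in the zone, not judged here
]


def zone_violations(flows, allow=ZONE_ALLOW, zone=ZONE):
    """Flows leaving the zone that are not on the allow-list."""
    return [f for f in flows
            if f["zone"] == zone and (f["proto"], f["dst"], f["dport"]) not in allow]


# Constructed 30-day logon history: (user, host, hour of day).
HISTORY = [
    ("jdoe", "WS14", 9), ("jdoe", "WS14", 10), ("jdoe", "FS01", 14),
    ("amy", "WS07", 8), ("amy", "WS07", 17),
]

# Constructed new logons to judge against the baseline.
NEW_LOGONS = [
    ("jdoe", "WS14", 11),        # known host, usual hours
    ("jdoe", "DC01", 3),         # never-seen host at 03:00
    ("amy", "WS07", 9),          # known host, usual hours
    ("svc_backup2", "FS01", 2),  # identity with no history at all
]


def build_baseline(history):
    """Per-identity sets of hosts seen and hours of day seen."""
    hosts, hours = defaultdict(set), defaultdict(set)
    for user, host, hour in history:
        hosts[user].add(host)
        hours[user].add(hour)
    return hosts, hours


def _hour_gap(a, b):
    """Distance between two hours of day, wrapping at midnight."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def identity_deviations(history, logons, slack=2):
    """Logons that fall outside what the identity has done before."""
    hosts, hours = build_baseline(history)
    flagged = []
    for user, host, hour in logons:
        reasons = []
        if user not in hosts:
            reasons.append("no history for this identity")
        else:
            if host not in hosts[user]:
                reasons.append(f"first logon to {host}")
            if all(_hour_gap(hour, h) > slack for h in hours[user]):
                reasons.append(f"hour {hour:02d} outside usual pattern")
        if reasons:
            flagged.append((user, host, hour, reasons))
    return flagged


if __name__ == "__main__":
    for f in zone_violations(FLOWS):
        print("zone flag:", f["src"], "->", f["dst"], f["proto"], f["dport"])
    for user, host, hour, why in identity_deviations(HISTORY, NEW_LOGONS):
        print("identity flag:", user, host, f"{hour:02d}:00", "; ".join(why))
```

On the constructed data the zone check flags the SMB connection into the LAN and the unexpected outbound HTTPS session, and the identity check flags jdoe’s first-ever logon to DC01 at 03:00 and an account with no history at all. The `slack` parameter is the tuning knob between false alarms and missed deviations: widen it and the 03:00 logon is still caught, narrow it to zero and ordinary schedule drift starts paging your IT team.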
Use third-party resources
Even the best-prepared organizations need help. Tracking and catching malware-free attacks is no simple matter, since it’s a step beyond the usual threat of a virus or ransomware payload that security software is built to spot. Educating your organization on best practices helps.
Seeking out MSP assistance to aid with both education and setup of security resources (MFA, DMZ connections, tracking) is also recommended.