Monday, September 21, 2020

Cybercriminals often misuse legitimate tools in their attacks: Report

New Delhi: Cybercriminals widely use software developed for normal user activity, administrator tasks and system diagnostics to avoid getting caught quickly after carrying out their attacks, warns a new report by cybersecurity firm Kaspersky.

Almost a third of cyber attacks that the Kaspersky Global Emergency Response team investigated in 2019 involved legitimate remote management and administration tools.

In total, the analysis of anonymised data from incident response cases showed that attackers abused 18 different legitimate tools for malicious purposes, according to the company’s new ‘Incident Response Analytics Report’.

The most widely used one was PowerShell. This powerful administration tool can be used for many purposes, from gathering information to running malware.

Another tool, PsExec, was leveraged in 22 per cent of the attacks. This console application is intended for launching processes on remote endpoints.

This was followed by SoftPerfect Network Scanner, which is intended to retrieve information about network environments.

Attacks conducted with legitimate tools are harder for security solutions to detect because the same actions can be either part of a planned cybercrime activity or a regular system administrator task.

“With these tools, attackers can gather information about corporate networks and then conduct lateral movement, change software and hardware settings or even carry out some form of malicious action,” Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky, said in a statement.

“It is not possible to exclude these tools for many reasons; however, properly deployed logging and monitoring systems will help to detect suspicious activity in the network and complex attacks at earlier stages,” Sapronov said.

To minimise the chances of remote management software being used to penetrate an infrastructure, organisations should restrict access to remote management tools from external IP addresses, the company recommended.

Moreover, they need to ensure that remote control interfaces can only be accessed from a limited number of endpoints, enforce a strict password policy for all IT systems and deploy multi-factor authentication, Kaspersky said.

It is better to follow the principle of giving staff limited privileges and to grant high-privilege accounts only to those who need them to do their job.
