Dark Tales from the Cyber Crypt: How to Hunt in the Shadows
Cybersecurity pros beware
Your systems may be lurking with untold dangers and shadowy characters that could be the source of never-ending nightmares. Beware of these spine chilling tales from the Cyber Crypt this Halloween, and year-round:
Little Network of Horrors – Audrey the murderous, human eating plant grew from a tiny seedling into a massive tangle of vines with an unquenchable appetite for flesh, just like a malware infection. It finds an entry point and quietly seeds itself throughout your endpoints to carry out its objective – filling its insatiable appetite for your customer data, payment card details, company financials, and intellectual property. Once established, its sprawling tendrils can pose a challenge to uncover and eradicate.
The Boy Who Cried Wolf – Remember the boy who cried wolf? His false cries for help caused everyone to ignore him when the real wolf came around. SIEM and security alerts can cause a similar reaction. Organizations have to manually sort through hundreds to thousands of false alerts and logs a day – as in the case of Target and other high-profile incidents – cause security teams to ignore a real threat, wreaking havoc on your systems and reputation.
The Grim Reaper – The Grim Reaper scours the earth to collect human souls unless a bribe of golden coins is paid, just as hackers scour the digital universe for unsuspecting ransomware victims – rendering their computers useless until an offering of bitcoin is produced. But beware, just as the bearer of death will undoubtedly come back for its target again, ransomers often leave snippets of code on your machine after the ransom is collected – so virtual Reapers can come back for another bribe.
Footsteps in the Attic – What was that? A blip in the network or something more nefarious? Just like a ghost roaming the halls of an old estate, cybercriminals engaged in advanced persistent threats (APTs) quietly enter your network using stolen credentials and unsecured backdoors, laying carefully hidden. They quietly creep about your virtual hallways looking for unlocked doors that lead will them to your application data, IP and customer details; taking care to carry out their reconnaissance unnoticed. Then like a ghost looking for a good scare, they reveal themselves and vanish into thin air with your assets.
Hunting for Threats Hidden in the Shadows
The good news is you don’t have to run in terror from these cyber threats. Like a good vampire slayer or werewolf hunter, you just need a strategy and the right tools to stop them in their tracks.
- Assume you will be breached, if you’re not already – With dwell time averaging 6+ months and companies with healthy security budgets on the lists of cybercrime victims, it’s safe to say there’s a very high likelihood you will eventually become a victim of a cyber attack. The 2017 Cost of Data Breach Study found that organizations who can contain a breach in less than 30 days paid nearly $1 million less in total breach costs. Proactive threat hunting is the key to reducing dwell time and breach costs.
- Don’t assume your existing solutions will protect you. Firewalls, intrusion detection systems, and even antivirus are primarily in place for one reason – to prevent hacks and malicious software from getting onto a network. Unfortunately, once evaded, they offer no help in searching for a missed threat.
- Don’t sit back and wait to become a victim. Investing in employee training and threat hunting could spare you from the nightmare and costs of a breach.
- Remind employees of the dangers of phishing scams. We all know not to open the door for a stranger, train them to exercise caution when a stranger emails them.
- Proactively scan endpoints for malware or signs of suspicious code that has evaded first line defenses including EDR and Antivirus.
- Use an alert validation tool to triage alerts to quickly identify alerts that are real vs false positives.
- Incident Response must be fast and comprehensive. When a threat is found make sure your incident response efforts are swift and comprehensive. Malware can root, and seed endpoints swiftly, so be sure to unearth and eradicate any signs of infection on ALL of your endpoints.
- Get the Right Tool for the Job. Stakes for slaying vampires; silver bullets for stopping werewolves; Infocyte HUNT for post breach detection of malware and APTs that have bypassed ALL other defenses.
Infocyte HUNT enables your IT and security teams, regardless of their experience, to become threat hunters and channel a little Van Helsing – without footing the bill for his consulting services. It provides an easy-to-use, yet powerful solution to limit dwell time and proactively discover malware and persistent threats, active or dormant, know or unknown, that have successfully evaded your existing defenses. Infocyte HUNT’s agentless surveys are designed to rapidly assess network endpoints for evidence of compromise – without the burden of complicated equipment or endpoint software installations. It can even help you triage SIEM alerts – so you can spend less time chasing red herrings.
With Infocyte HUNT in your cyber tool belt, you can quickly bring threats out of the shadows and eradicate them before they can become your worst nightmare.
Infocyte is an easy path to implement EDR or MDR for mid-size organizations. Learn more from Forrester's Now Tech Report here.
Interested in Sunburst and how to address compromises on your network?
Test out Infocyte's endpoint detection and response platform for free with our community edition: