No doubt you’ve heard about these things called “ransomware attacks” which have appeared all over the news every now and again.
Just this summer, the NHS came under mass attack from ransomware called “WannaCry” that locked doctors and other staff out of their computers, demanding a payment to unlock their vital working information.
As usual, the government did its thing and recommended that everyone keep their operating systems up to date and install strong anti-malware programmes to prevent such a crippling attack from happening again.
So. You’ve been responsible and followed these guidelines. That means you’re safe, right?
Despite the rise of massive crypto-ransomware attacks, an even more troubling trend emerged in data gathered by the security firm CrowdStrike this past year and published in the company's 2017 "Intrusion Services Casebook."
The majority of attacks the company responded to did not leverage file-based malware but instead exploited a combination of the native software of victims' systems, memory-only malware, and stolen credentials to gain access and persist on the targeted networks.
And the average attack persisted for 86 days before being detected.
Most of these "malware free" attacks didn't even need that level of technical sophistication—they exploited remote access tools, such as Remote Desktop Protocol servers or virtual private network connections, to gain access to victims' networks.
Or they attacked externally accessible Web mail portals or cloud applications—often using credentials stolen through phishing or spear phishing attacks or other social engineering methods.
That means that even if you have traditional protections such as anti-malware in place, it will be relatively incomplete without an intrusion monitoring and detection system in place as well.
In fact, there are still cases where attackers have been inside networks for many months (or even years) before the compromises were detected.
A significant percentage of attacks are still only uncovered through notification by a third party—a customer, a bank, a payment processing company, or law enforcement.
And they may be too late.
In order to prevent these crippling and relentlessly devious attacks, the main shield is you. That’s right. You. These file-less attacks, which live in system memory rather than dropping files onto disk, get in by aggressively breaching human security rather than technical security.
They rely on you being lax and not double-checking things like the URL of an otherwise harmless-looking website that you’ve been directed to, to see whether it actually matches the company’s real website as you would find it by searching on Google.
Or properly checking the sender address of an email that, unprompted, asks for your permission to change your credentials.
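The two checks just described (does the link really land on the company’s own domain, and does the email really come from the company’s own address) can be made mechanical. The following is an added example, not code from the original post: it compares the registrable domain of a link or sender address against the domain the user expects, and flags the usual tricks (the real domain used as a subdomain of another site, credentials before an `@` in the URL, look-alike or internationalised hostnames, and a Reply-To that points somewhere else). The small suffix list, the function names and the sample inputs are all constructed for this demo.

```python
from email.utils import parseaddr
from typing import Optional
from urllib.parse import urlsplit

# Hand-made subset of multi-label public suffixes. Assumption: a real tool would
# load the full Public Suffix List; this subset is enough for the samples below.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk", "com.au"}


def registrable_domain(host: str) -> str:
    """Return the part of a hostname an organisation actually registers,
    e.g. 'login.example.com' -> 'example.com', 'portal.example.co.uk' -> 'example.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url: str, expected_domain: str) -> list:
    """Return a list of findings; an empty list means the link really points at
    `expected_domain`. Each finding is a plain-English reason to stop and look."""
    findings = []
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = parts.hostname or ""  # lowercased; userinfo and port already stripped
    if not host:
        return ["no hostname in link"]
    if parts.username is not None:
        # https://example.com@evil.test/ : everything before '@' is a username, not the site
        findings.append(f"credentials before '@' hide the real host {host!r}")
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        findings.append(f"internationalised hostname {host!r}; could be a look-alike")
    if parts.scheme != "https":
        findings.append(f"not HTTPS ({parts.scheme})")
    got, want = registrable_domain(host), registrable_domain(expected_domain)
    if got != want:
        # catches both 'example.com.evil.test' (expected domain used as a subdomain)
        # and look-alikes such as 'example-com.test' or 'exampIe.com'
        findings.append(f"link goes to {got!r}, not {want!r}")
    return findings


def check_sender(from_header: str, expected_domain: str, reply_to: Optional[str] = None) -> list:
    """Same idea for e-mail: the display name is free text, only the address after
    '@' counts, and a Reply-To pointing elsewhere is a classic credential-phishing tell."""
    findings = []
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["From header has no parsable address"]
    from_dom = registrable_domain(addr.rsplit("@", 1)[1])
    want = registrable_domain(expected_domain)
    if from_dom != want:
        findings.append(
            f"From address is at {from_dom!r}, not {want!r} (display name {display!r} is free text)"
        )
    if reply_to:
        _, rt_addr = parseaddr(reply_to)
        if "@" in rt_addr and registrable_domain(rt_addr.rsplit("@", 1)[1]) != from_dom:
            findings.append(f"Reply-To goes to {rt_addr!r}, not the From domain")
    return findings


if __name__ == "__main__":
    # Constructed samples: the organisation's real domain is example.com.
    for link in [
        "https://login.example.com/reset",          # genuine
        "https://example.com.evil.test/reset",      # real name used as a subdomain
        "https://example.com@evil.test/",           # '@' trick
        "http://exampIe.com/login",                 # capital I for l, and no TLS
    ]:
        print(link, "->", check_link(link, "example.com") or "looks genuine")
    print(check_sender('"helpdesk@example.com" <x@evil.test>', "example.com"))
    print(check_sender("IT Support <helpdesk@example-com.test>", "example.com",
                       reply_to="attacker@mailbox.test"))
```

A finding list rather than a bare yes/no is deliberate: the point of the post is that the reader must look at the detail, so the tool should say which detail failed and let the person decide, not silently block or silently allow.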
It’s the small details that these hackers hope you’re not paying attention to. The devil is truly in the detail.