According to Kaspersky Lab, a Russia-based multinational cybersecurity and anti-virus provider, cybercriminals use software developed for regular user activity, administrative tasks, and system diagnostics. Attackers use these legitimate remote management tools to avoid being caught quickly after carrying out their attacks. The report highlighted that attackers abused 18 different legitimate tools for malicious purposes. In this article at Security Intelligence, David Bisson explains some of the cybersecurity incidents that involve the misuse of legitimate services.
The Current Trends
As hackers use legitimate management tools, cybersecurity personnel find it difficult to discern between regular user activity and malicious activity. “This difficulty gives attackers more time to access an organization’s network, discover its critical assets and target sensitive information,” explains David.
More than one-third (38.6%) of the malicious incidents detected by Kaspersky Lab involved cybercriminals misusing legitimate tools to execute code. The Russian security firm also revealed that PowerShell and PsExec are the tools most widely misused by attackers. PowerShell is a powerful administration tool used by many organizations to gather information. PsExec, on the other hand, is a console application intended to launch processes on remote endpoints.
With these tools, attackers gather information about corporate networks and then move laterally, for example to change hardware and software settings or carry out other malicious actions.
Ways to Prevent
For many organizations, it is impossible to exclude these tools. However, adequately deployed logging and monitoring systems will undoubtedly help detect suspicious activity in the network, and complex attacks at their initial stage. Additionally, security professionals must monitor user and network behavior and correlate these observations with known threat indicators. In addition, organizations must restrict access to remote management tools from external IP addresses. Organizations must also enforce a strict password policy for all IT systems and deploy multi-factor authentication.
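To make the monitoring advice above concrete, here is an added example (not code from the original article, Kaspersky Lab, or Security Intelligence) that runs three simple detection rules over constructed event lines: PowerShell launched with encoded or hidden-window arguments, a PsExec service installation (PsExec registers a service named PSEXESVC by default), and a connection to a remote-management port from an address outside the internal ranges. The key=value event format, the sample events, the list of suspicious PowerShell fragments, the management-port set, and the internal-network list are all assumptions for the example and would be replaced by real telemetry and an environment-specific baseline.

```python
"""Flag suspicious PowerShell, PsExec service installs and external access to
remote-management ports in constructed sample events (added example)."""
import ipaddress
import re

# Constructed sample events in a simplified key=value form, loosely modelled on
# Sysmon (id 1 = process creation, id 3 = network connection) and the Windows
# System log (id 7045 = new service installed). Not real telemetry.
SAMPLE_EVENTS = [
    r'id=1 host=WS01 user=CORP\alice image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline="powershell.exe -NoProfile -w hidden -EncodedCommand SQBFAFgA"',
    r'id=1 host=WS01 user=CORP\alice image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmdline="powershell.exe Get-ChildItem C:\Reports"',
    r'id=7045 host=SRV02 user=SYSTEM service=PSEXESVC path=%SystemRoot%\PSEXESVC.exe',
    r'id=7045 host=SRV02 user=SYSTEM service=BackupAgent path="C:\Program Files\Backup\agent.exe"',
    r'id=3 host=SRV03 user=SYSTEM image=C:\Windows\System32\svchost.exe src=203.0.113.45 dport=5985',
    r'id=3 host=SRV03 user=SYSTEM image=C:\Windows\System32\svchost.exe src=10.20.30.40 dport=5985',
]

# key=value pairs; a value is either a double-quoted string or a run of non-spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Command-line fragments typical of hands-on-keyboard PowerShell abuse. Assumed
# list: tune it against the environment's own baseline of admin scripts.
PS_SUSPICIOUS = ("-encodedcommand", "-enc ", "-w hidden", "-windowstyle hidden",
                 "downloadstring(", "invoke-expression", "iex ")

# Remote-management ports that the article says should not be reachable from
# external addresses. Assumed set: adjust to what the organization exposes.
MGMT_PORTS = {135, 445, 3389, 5985, 5986}

# Assumed definition of "internal": RFC 1918 ranges plus loopback. Everything
# else is treated as external (deliberately not ipaddress.is_global, which also
# classifies documentation ranges such as 203.0.113.0/24 as non-global).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_event(line):
    """Turn one key=value line into a dict; quoted values may contain spaces."""
    return {k: (quoted or bare) for k, quoted, bare in KV_RE.findall(line)}


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def check_event(ev):
    """Return (rule_name, detail) if the event matches a rule, else None."""
    eid = ev.get("id")
    if eid == "1" and ev.get("image", "").lower().endswith("powershell.exe"):
        cmd = ev.get("cmdline", "").lower()
        hits = [frag for frag in PS_SUSPICIOUS if frag in cmd]
        if hits:
            return ("suspicious_powershell", f"fragments {hits} in {ev['cmdline']!r}")
    elif eid == "7045":
        # PsExec's default service name is PSEXESVC; a service renamed with
        # PsExec -r will not match this rule and needs other indicators.
        name = ev.get("service", "").upper()
        binary = ev.get("path", "").replace("/", "\\").rsplit("\\", 1)[-1].upper()
        if name == "PSEXESVC" or binary.startswith("PSEXESVC"):
            return ("psexec_service_install", f"service {ev['service']} from {ev['path']}")
    elif eid == "3":
        port = int(ev.get("dport", 0))
        src = ev.get("src", "")
        if port in MGMT_PORTS and src and not is_internal(src):
            return ("external_remote_mgmt", f"{src} -> port {port}")
    return None


def analyze(lines):
    """Parse every line and collect rule matches with host/user context."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        hit = check_event(ev)
        if hit:
            findings.append({"host": ev.get("host"), "user": ev.get("user"),
                             "rule": hit[0], "detail": hit[1]})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f['host']:6} {f['user']:12} {f['rule']:24} {f['detail']}")
```

Run against the constructed sample, the script flags the encoded hidden-window PowerShell launch, the PSEXESVC service install and the WinRM connection from 203.0.113.45, while the ordinary Get-ChildItem invocation, the backup agent service and the internal WinRM session pass. The host and user fields are kept on each finding precisely because, as the article notes, the same tool is used legitimately by administrators, so an alert is only useful when it can be correlated with who ran it and from where.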
Knowing the biggest threats to your organization is the first step towards protecting confidential data. However, it takes a lot of hard work, expertise, and vigilance to minimize your cybersecurity risks. To read more about the misuse of legitimate services, see https://securityintelligence.com/news/cybersecurity-attacks-legitimate-services/.