Huffpost Business

Nir Polak

Who's Sneaking Around Your Business Network Undetected?


Malware has become the big bad wolf in cybersecurity circles, and businesses around the globe are quickly buying up the latest detection technologies to protect their IT networks. However, the problem is that hackers are creating new forms of malware at a clip of 82,000 per day, making it impossible to protect against every single one. Not to mention that removing the malware does not mean you have removed the threat. Hackers frequently slip by malware protections to gain access to login credentials. Once they achieve this, hackers can move through business IT networks disguised as valid users in order to access any and all company data. This is how hackers made off with nearly 70 million stolen customer records in the now infamous Target data breach of late 2013. By the time malware is detected, it could be too late to save confidential data. To address the real problem, there needs to be a better (and faster) way to identify when login credentials have been compromised.

The easiest way for hackers to plant malware is by tricking someone into doing it for them through social engineering tactics, such as email phishing, calls from a fake help desk or infected flash drives that are sent to the company. Malware is typically used only at the beginning of an attack to steal credentials, which are then used throughout the duration of the attack. And 82 percent of malware disappears after one hour. No one is immune, whether you're an employee, head of IT security or even the CEO - and no one wants to be the one to not only unlock the back door, but hold it open for a hacker to walk through.

There are a few important defense techniques you can practice to better protect yourself from data breaches.

  • Be careful what information you share publicly. As any good warrior knows, you need to do reconnaissance on your target before launching an attack. This is where it all begins. Hackers monitor the activities of a company's employees on social networks to scour them for information about their work and personal connections, hobbies, favorite sports teams, frequently visited places and other details. All they need is one window to successfully plant the malware. Take, for example, one incident where attackers infected an online Chinese restaurant menu to breach a big oil network.
  • Paranoia is a good thing. Did you get a new flash drive in the mail from an unknown sender? It's probably not a good idea to plug it into your computer. Did you get a call from someone claiming to be a help desk operator? Appearances aren't always what they seem to be, and you should always consider the possibility that it's someone trying to trick you into downloading malware. This common social engineering tactic is called pretexting. Thanks to thorough reconnaissance work, attackers can easily create credible scenarios.
  • Avoid click bait. Email phishing is another common social engineering tactic, in which the attacker creates a realistic subject line asking recipients to check out the company's newest retirement plan. Only instead of a retirement plan, unsuspecting users just downloaded malware onto their computers. One attacker crafted a subject line so convincing, the recipient pulled it out of his spam folder.
  • Watch out for distractions. Distributed denial-of-service (DDoS) attacks are another thorn in the side of IT security teams. Whereas DDoS attacks are typically used to flood a website with so much bad traffic that it eventually shuts down, sometimes they can be used to distract security teams so malware can be implanted. Businesses that find themselves under attack should always check under the hood for something even more sinister going on.
  • Determine good versus bad employee behavior. Businesses need a system to track how users access and maneuver within IT environments. Once a baseline for this good behavior is set, businesses can start to quantify anomalies. Are the credentials of an employee who lives in San Francisco being used to access the network from Atlanta? Are they being used to access a part of the network for which the employee has no use? The bigger the deviation from the employee's normal behavior, the bigger the red flag.
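
The baseline-and-deviation idea in the last point can be made concrete. The following is an added example, not code from the original post or from any product the author is associated with: it builds a per-user baseline of usual login locations, accessed resources and working hours from a handful of constructed access records, then scores new events by how far they stray from that baseline. The record fields, the weights and the alert threshold are assumptions chosen for illustration.

```python
"""Baseline-and-deviation scoring for credential misuse.

Added example (not from the original post). Records, weights and the
threshold are constructed assumptions; a real deployment would read
authentication and access logs instead of the inline HISTORY list.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field


@dataclass
class Baseline:
    """What 'normal' looks like for one user: where, what and when."""
    locations: Counter = field(default_factory=Counter)
    resources: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)


def build_baselines(history):
    """Count, per user, login cities, touched resources and hours of day."""
    baselines = defaultdict(Baseline)
    for ev in history:
        b = baselines[ev["user"]]
        b.locations[ev["city"]] += 1
        b.resources[ev["resource"]] += 1
        b.hours[ev["hour"]] += 1
    return baselines


def score_event(ev, baselines):
    """Return (score, reasons); 0 means the event matches the baseline.

    Weights are assumptions: a never-seen location or resource counts
    more than an unusual hour, and a user with no history at all is
    treated as suspicious because there is nothing to compare against.
    """
    b = baselines.get(ev["user"])
    if b is None:
        return 3, ["no baseline for user"]
    score, reasons = 0, []
    if b.locations[ev["city"]] == 0:
        score += 2
        reasons.append(f"new location {ev['city']}")
    if b.resources[ev["resource"]] == 0:
        score += 2
        reasons.append(f"never accessed {ev['resource']}")
    if b.hours[ev["hour"]] == 0:
        score += 1
        reasons.append(f"unusual hour {ev['hour']:02d}:00")
    return score, reasons


def flag_anomalies(history, new_events, threshold=2):
    """Score each new event against the baseline; return those at/above threshold."""
    baselines = build_baselines(history)
    flagged = []
    for ev in new_events:
        score, reasons = score_event(ev, baselines)
        if score >= threshold:
            flagged.append((ev["user"], score, reasons))
    return flagged


# Constructed sample data: alice normally works from the Bay Area on two systems.
HISTORY = [
    {"user": "alice", "city": "San Francisco", "resource": "hr-portal", "hour": 9},
    {"user": "alice", "city": "San Francisco", "resource": "hr-portal", "hour": 10},
    {"user": "alice", "city": "San Francisco", "resource": "wiki", "hour": 14},
    {"user": "alice", "city": "Oakland", "resource": "wiki", "hour": 16},
]

# Constructed new events: one normal, one geographic deviation, one combined
# deviation (new city, new system, 3 a.m.), and one account with no history.
NEW_EVENTS = [
    {"user": "alice", "city": "San Francisco", "resource": "wiki", "hour": 10},
    {"user": "alice", "city": "Atlanta", "resource": "hr-portal", "hour": 10},
    {"user": "alice", "city": "Atlanta", "resource": "finance-db", "hour": 3},
    {"user": "mallory", "city": "San Francisco", "resource": "wiki", "hour": 10},
]

if __name__ == "__main__":
    for user, score, reasons in flag_anomalies(HISTORY, NEW_EVENTS):
        print(f"{user}: score {score}: {'; '.join(reasons)}")
```

The score is deliberately additive so that the Atlanta login alone crosses the threshold, while the same login combined with a never-used database at an odd hour scores much higher and sorts to the top of a review queue; the weights are the knob a security team tunes against its own false-positive rate.
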
Malware will continue to evolve, and there will always be someone who falls for a social engineering tactic, no matter how strong your business' security posture. You could have the best malware-fighting machine in the world, but what about your partners and vendors that need to access the network, as well? But it's the stolen credentials that are the goal for hackers, so employees, IT security teams and business owners alike need to focus their efforts on identifying suspicious user behavior before it's too late.