
IT support staff beware, hackers could be using your troubleshooting software for attacks

THE ASIAN AGE | ASIAN AGE WEB DESK
Published : Aug 9, 2020, 6:50 pm IST
Updated : Aug 9, 2020, 6:50 pm IST

Software employed by IT support staff for everyday tasks was used in 30 per cent of cyber attacks, security solutions firm Kaspersky said.

It is difficult for security software to detect attacks perpetrated with legitimate tools as these actions could be either a cybercrime activity or a regular system administrator task, Kaspersky warned. (Photo | Pixabay - Gerd Altmann)

Tools used by the IT administrative staff of firms to provide employees with technical support are increasingly being used by cybercriminals to launch attacks on company infrastructure, a report by cybersecurity firm Kaspersky’s Global Emergency Response team said.

Almost a third (30%) of cyber attacks investigated by the Kaspersky Global Emergency Response team in 2019 involved legitimate remote management and administration tools, Kaspersky’s new Incident Response Analytics Report found.

 

This should be of major concern to CIOs (Chief Information Officers) of companies.

Monitoring and management software helps IT and network administrators perform their everyday tasks, such as troubleshooting. However, cybercriminals also make use of it to mount cyber attacks on a company’s infrastructure. The software allows them to run processes and access and extract sensitive information, bypassing various security controls aimed at detecting malware, Kaspersky said in a statement.

“To avoid detection and stay invisible in a compromised network for as long as possible, attackers widely used software that is developed for normal user activity, administrator tasks and system diagnostics,” Kaspersky’s Head of Global Emergency Response Team Konstantin Sapronov said, based on findings of the report.

 

It is difficult for security software to detect attacks perpetrated with legitimate tools as these actions could be either a cybercrime activity or a regular system administrator task, the company’s statement said. The attack is often detected only after the damage has been done.

While it is not possible for companies to exclude the use of these tools for many reasons, Sapronov said that properly deployed logging and monitoring systems would help detect suspicious activity in the network and complex attacks at early stages.

To minimise the chances of remote management software being used to penetrate infrastructure, Kaspersky has some recommendations.

• Restrict access to remote management tools from external IP addresses. Ensure that remote control interfaces can only be accessed from a limited number of endpoints.

• Enforce a strict password policy for all IT systems and deploy multi-factor authentication.

• Follow the principle of offering staff limited privileges and grant high-privileged accounts only to those who need them to fulfil their job.

As for which software tools were most widely used in the attacks, analysis of anonymised data from incident response cases showed that 18 different legitimate tools were abused by attackers including PowerShell in 25 per cent of cases, PsExec (22%) and SoftPerfect Network Scanner (14%), the Kaspersky report quoted in the statement said.
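The logging-and-monitoring advice and the first recommendation above can be combined into a simple log review, shown here as an added example that is not from Kaspersky or the original article: it flags runs of the three tools named in the report when they originate outside a designated admin subnet or from a non-admin account. The subnets, account names, log layout and the `netscan.exe` binary name are assumptions, and the events are constructed.

```python
import ipaddress
import ntpath

# Assumed environment details (not from the report): internal range,
# admin workstation subnet and the accounts allowed to use these tools.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ADMIN_NET = ipaddress.ip_network("10.20.30.0/28")
ADMIN_USERS = {"it-admin1", "it-admin2"}
# Tools named in the report; PSEXESVC.exe is the service PsExec installs on
# the target, netscan.exe is assumed to be the SoftPerfect scanner binary.
WATCHED = {"powershell.exe": "PowerShell", "psexec.exe": "PsExec",
           "psexesvc.exe": "PsExec", "netscan.exe": "SoftPerfect Network Scanner"}

# Constructed sample events: timestamp, then key=value fields.
SAMPLE_EVENTS = r"""
2020-08-03T09:12:44 host=HR-PC11 user=it-admin1 src=10.20.30.5 image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2020-08-03T09:40:02 host=FIN-SRV02 user=it-admin2 src=10.20.30.9 image=C:\Windows\PSEXESVC.exe
2020-08-04T02:17:31 host=FIN-SRV02 user=j.doe src=10.44.7.23 image=C:\Windows\PSEXESVC.exe
2020-08-04T02:21:05 host=FIN-SRV02 user=it-admin1 src=203.0.113.77 image=C:\Users\Public\netscan.exe
2020-08-04T08:00:10 host=HR-PC11 user=m.roy src=10.44.7.40 image=C:\Windows\System32\notepad.exe
""".strip().splitlines()

def parse(line):
    """Split one event line into a dict of its fields."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = ts
    return rec

def triage(lines):
    """Return (timestamp, host, tool, reasons) for suspicious tool use."""
    findings = []
    for rec in map(parse, lines):
        tool = WATCHED.get(ntpath.basename(rec["image"]).lower())
        if tool is None:
            continue  # not one of the watched admin tools
        src = ipaddress.ip_address(rec["src"])
        reasons = []
        if src not in INTERNAL_NET:
            reasons.append("external source")
        elif src not in ADMIN_NET:
            reasons.append("source outside admin subnet")
        if rec["user"] not in ADMIN_USERS:
            reasons.append("non-admin account")
        if reasons:
            findings.append((rec["ts"], rec["host"], tool, reasons))
    return findings

if __name__ == "__main__":
    for ts, host, tool, reasons in triage(SAMPLE_EVENTS):
        print(ts, host, tool, "; ".join(reasons))
```

Legitimate admin activity from the expected subnet and accounts passes silently, so an analyst reviews only the exceptions.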
