Express Computer
Home  »  News  »  Cybercriminals often misuse legitimate tools in their attacks: Report

Cybercriminals often misuse legitimate tools in their attacks: Report

0 375

Cybercriminals widely use software developed for normal user activity, administrator tasks and system diagnostics to avoid getting caught quickly after carrying out their attacks, warns a new report by cybersecurity firm Kaspersky.

Almost a third of cyber attacks that the Kaspersky Global Emergency Response team investigated in 2019 involved legitimate remote management and administration tools.

In total, the analysis of anonymised data from incident response cases showed that 18 various legitimate tools were abused by attackers for malicious purposes, according to the company’s new ‘Incident Response Analytics Report’.

The most widely used one was PowerShell. This powerful administration tool can be used for many purposes, from gathering information to running malware.

Another tool, PsExec, was leveraged in 22 per cent of the attacks. This console application is intended for launching processes on remote endpoints.

This was followed by SoftPerfect Network Scanner, which is intended to retrieve information about network environments.

It is more difficult for security solutions to detect attacks conducted with legitimate tools because these actions can be both part of a planned cybercrime activity or a regular system administrator task.

“With these tools, attackers can gather information about corporate networks and then conduct lateral movement, change software and hardware settings or even carry out some form of malicious action,” Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky, said in a statement.

“It is not possible to exclude these tools for many reasons, however, properly deployed logging and monitoring systems will help to detect suspicious activity in the network and complex attacks at earlier stages,” Sapronov said.

To minimise the chances of remote management software being used to penetrate an infrastructure, organisations should restrict access to remote management tools from external IP addresses, the company recommended.

Moreover, they need to ensure that remote control interfaces can only be accessed from a limited number of endpoints, enforce a strict password policy for all IT systems and deploy multi-factor authentication, Kaspersky said.

It is better to follow the principle of offering staff limited privileges and grant high-privileged accounts only to those who need this to fulfil their job.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image