Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cyber hygiene vital to combat cyberattacks that weaponise legitimate admin tools

Nayela Deeba | Oct. 24, 2017
Instead of simply fixating on malware prevention, what else should organisations do to protect and prevent themselves from new cyberattacks?

Woman hacker
Credit: GraphicStock

Cyber defenders need to do more than simply being fixated on preventing malware, urged Michael Sentonas, vice president, technology strategy, CrowdStrike

This is because cyberattackers are increasingly moving away from malware to exploiting vulnerabilities in system administration tools such as Windows Management Instrumentation (WMI) and PowerShell.

"Since these tools are legitimate, it is more difficult to detect an attack from a legitimate admin code. Think about it: How many IT admins can decode base64-encoded PowerShell scripts or can detect legitimate or false admin log ins? A capable adversary will therefore use these techniques because they know they will penetrate your network with a near 100 percent success rate," he added.

Sentonas thus advised organisations to ensure that they practise good cyber hygiene such as ensuring that all machines are patched promptly and regularly.  

Organisations should ensure that they have skilled cybersecurity professionals who can swiftly and effectively tackle cyberthreats and mitigate cyberattacks. "Besides being able to detect and stop cyberattackers' techniques, cybersecurity professionals should also get smarter at hunting the adversary; looking for breadcrumbs they use to get a trace. They should [continously learn about new cyberattack techniques] and examine if their networks have been hit by that attack in the past," Sentonas said.   

He also shared what CrowdStrike is doing to protect and prevent itself from cyberthreats. For instance, it tracks all of its electronic systems, including employees' desktops. When an employee logs into their office email and clicks on websites/links that are potentially risky, the company uses telemetry to capture those unprotected websites and secure them before hackers infiltrate into the computer system.

In addition, CrowdStrike uses machine learning to conduct threat investigations, which help to protect computerised systems regardless of whether the employee is online or offline.


Sign up for CIO Asia eNewsletters.