
SOURCE 2016: It's behavior, not names, that gives attackers away

Taylor Armerding | May 20, 2016
It’s not the name of the threat, but how it behaves that will most likely help defenders bust it.

In targeted attacks, he said, eventually, “somebody puts their fingers to the keyboard,” and begins to exhibit behavior that can be tracked and analyzed. “Malicious behaviors are similar across platforms,” he said. “You’re looking for flow patterns at the packet level. It’s a whole sequence that causes the algorithm to fire.”

He cited the example of a remote-access Trojan (RAT) called GlassRAT that went undetected for several years until RSA discovered and reported on it late last year.

It targeted Chinese nationals associated with large, multinational corporations.

It escaped detection by antivirus tools, “and was highly successful at avoiding signatures,” Banic said, “but when we investigated it, the algorithm fired within 15 minutes.”

 
