Cyber Security Survey: Companies Fear Advanced Attacks


Almost half of the companies who took part in an IDC global information security market survey (Worldwide Security Products Survey) believe that highly advanced attacks are a serious threat to their IT infrastructure.

Hackers use increasingly sophisticated software tools to attack organizations. They avoid common, well-known tools, which makes their attacks more difficult to detect and counter. As a result, companies demand more from their information security solutions, according to an IDC analyst.

“The high levels of sophistication of these attacks lead to an increased need for advanced protection capabilities against malicious codes. These defensive tools need to handle multiple end-point breaches (network, internet, devices and more), and they need to efficiently handle resources in order to counter the attack and defend the organization’s data and devices,” said Kevin Baley, information security research manager at IDC EMEA.

Last year several organizations were harmed when their information security solutions couldn’t keep up with intense attacks. Hoping to profit from selling sensitive information (intellectual property, critical business information, etc.), attackers invest a lot of resources in buying or developing malicious code that can overcome most existing solutions. In response, Kaspersky Lab develops proactive technologies that can identify malicious code even if it has never been detected before or is being used for the first time.

Out of all the new threats identified last year by Kaspersky Lab products, 87% were detected by heuristic technologies. Attackers must overcome these technologies when breaking into a network, no matter their methods.

iHLS – Israel Homeland Security

For example, if attackers know that an organization’s network uses software with undocumented vulnerabilities, they can abuse these weaknesses without hesitation. Hackers usually abuse vulnerabilities in common software, such as Adobe Flash, Adobe Reader, Java, browsers and operating system components. Since these applications are standard and are used by the organization’s personnel, hackers assume that information security solutions will ignore any unusual behavior they exhibit and won’t detect any hostile activities. Kaspersky Lab products incorporate modules that constantly analyze code, even the code of known and dependable applications, in order to detect changes. Other solutions detect and counter activities which usually occur during intrusions.

Hackers often attempt to infiltrate organizational networks by using bootkits and rootkits. These dangerous types of malicious code change the boot process of the target computer’s hard drive in order to act before the operating system or information security programs start. Rootkit-countering technologies intercept and analyze all processes when the boot sector is accessed. They check the validity of the processes and prevent possible infections. Even if the rootkit manages to make changes to the boot process, the technology will detect and remove it.

As the BYOD trend expands, workers are encouraged to use their personal devices for work-related purposes. This gives hackers more infiltration options: the wide range of mobile devices and their operating systems allows hackers to conduct a large variety of attacks. For example, when a device that contains a vulnerability is connected to the organization’s network, hackers can use the breach to access other, protected areas on the same network. Technologies for managing and securing organizational mobile devices protect against the growing volume and complexity of BYOD-related attacks.