Protection against automated targeted attacks has become a pressing topic in the information security market over the last few years. Originally, however, a targeted attack was commonly understood as the result of long-term, professional work by an organized gang of cybercriminals seeking valuable critical data.
Today, carrying out a cyber-attack has become significantly simpler. This is due to advances in technology and to the popularity of open-source platforms and forums (e.g. GitHub, Reddit) and of the Darknet, which publish malware source code along with step-by-step instructions for modifying it (so that signature analysis cannot detect it) and for infecting hosts. To carry out a successful attack with harmful consequences for the owners of automated and information systems, all it takes is an amateur user with the enthusiasm to work through the material available online or on the Darknet.
Making money is what motivates this criminal activity. The simplest, and therefore the most widespread, method is infecting network hosts with ransomware. Its popularity has grown rapidly over the last 2 years.
At the beginning of 2017, leading information security vendors such as Kaspersky Lab, McAfee Labs, SophosLabs, Malwarebytes Labs, Trend Micro and others named ransomware one of the main information security threats for government and commercial organizations of all sectors and sizes.
There are many cases of targeted ransomware attacks. The criminals' main targets are systems in the Windows family; however, there are also versions of ransomware for the UNIX/Linux and macOS families, not to mention the iOS and Android mobile platforms.
Countermeasures do exist, though. First, there is No More Ransom!, an open project that provides attack victims with data decryption tools (in cases where the encryption key has been broken). Second, there are specialized open-source tools for protection against encrypting malware. However, these tools either analyze software behaviour by signature and so cannot detect an unknown virus, or block the malware only after it has already affected the system (encrypted part of the data).
Specialized open-source solutions are suitable for Internet users on private or home devices. Large companies that process large volumes of information, including critical information, need comprehensive proactive protection against targeted attacks.
The nature of cyber threats is always changing, so methods of protection must change with it. With the appearance of targeted attacks and advanced persistent threats, it became obvious that information security requires a new approach. Traditional methods can no longer provide enough protection against cyber threats.
Advanced persistent threats and targeted attacks can work their way through standard protective barriers and, unnoticed, steal valuable information or cause damage for months. The organizations we have to trust, such as financial and healthcare institutions, retailers and large enterprises, are the most likely victims of such attacks.
According to data from PC World magazine, in 2011 the number of sophisticated and targeted attacks increased by 81%, and Verizon's research for 2012 showed that 855 security incidents occurred, as a result of which 174 million records were compromised.
According to a study conducted in 2012 by the Ponemon Institute, covering 56 large US companies that suffered losses from cybercrime, every organization experienced 1.8 successful attacks per week. The average loss per company from cybercrime amounted to 8.9 million US dollars.
Types of cyber-attack:
- Social — targeted at specific people, using social engineering techniques and modern malware;
- Sophisticated — exploiting vulnerabilities, using backdoors, and stealing and using valid credentials;
- Stealthy — carried out as a series of barely visible actions that traditional protection tools cannot see, or that are lost among the thousands of event records created daily.
How can organizations withstand cyber-attacks, whose number is growing rapidly?
The ideal solution would be to combine the security infrastructure into a flexible, tuned security system that matches the task of protecting a specific environment from cyber-attacks. This would make it possible not only to detect and analyze attacks but also to fight back against those behind them.
Network Defence is a specialized security platform that can detect zero-day malware, suspicious data exchange and attacker activity invisible to a traditional security system, across the entire network.
It runs suspicious code in a safe, controlled environment, which can be optimized and tuned to improve performance and to protect the system against attack techniques designed to evade isolated environments.
The solution provides detailed information on the threat level, source and characteristics of an attack, as well as unique, current online data that can be used to adjust the security system properly in order to protect against subsequent attacks.
Such a solution makes it possible to keep targeted attacks and advanced persistent threats under control throughout their life cycle:
- detect malware, suspicious data exchange and attacker activity invisible to traditional security systems;
- analyze the threat level, the characteristics of the attack and the attacker;
- automatically adjust the security system in order to provide protection;
- take responsive measures based on the information needed to counter specific attackers.
The simplicity and low cost of organizing a cyber-attack (ransomware, DDoS, web application attacks and so on) lead to a growing number of cybercriminals, while at the same time the average technical skill of attackers decreases. In this context, the likelihood that information security threats will materialize in the corporate sphere increases, as does the need for comprehensive protection.