The cyber threat landscape began with just a few enthusiasts finding ways to make emerging technologies work faster and better, or at least more the way they preferred than the way the original developer intended. It quickly expanded to include everything from disgruntled employees seeking vengeance against their employer to cyber terrorists ruining the reputation of organizations to cyber criminals stealing trade secrets or holding companies for ransom.
New Players Engage
It’s no secret that cyber threats and reported incidents of malware continue to increase in scale and sophistication on a global level at dizzying rates. Most everyone is familiar with what Black Hat Hackers can do, but some of the new players involved in the cyber threat game include:
- Nation-State Actors: countries that organize cyber units with the intent to disrupt or cause harm to other countries or select companies. A recent article in HelpNetSecurity highlighted that “The WannaCry and NotPetya attacks – generally attributed to North Korea and Russia – have shown that an organization doesn’t even have to be the target to become a victim.”
- Organized Criminal Enterprises: no one should be surprised that organized crime syndicates have moved into the cyber world to ply their craft. According to a Business Insider article:
“This is big business now organised crime has access to automated exploit-kits and cloud-based software services that are every bit as sophisticated as (some say even more so than) those used by Fortune 500 companies. No longer do criminals need their own tame programmers. They can rent all the crimeware services they need to infiltrate a target's computer network invisibly, and remain undetected for months or years while siphoning off secrets for sale.”
Cyber criminals today are organized and are developing highly skilled resources and capabilities. They can also acquire them through an expanding black market on the Dark Web for illicit technologies and activities. There are even conventions where like-minded people can gather to share secrets and learn about the latest techniques.
Hackers Unite At DefCon 26
You know the cyber threat landscape is expanding when DefCon 26, the preeminent show for hackers coming up in August in Las Vegas, is already promoting 36 Workshops and over 30 Demo Labs. These workshops and labs will give anyone with the price of admission a hands-on look at some of the most sophisticated hacking tools and techniques available today. Some of the topics listed on their website include:
- “ARM eXploitation 101”
- “Attacking & Auditing Docker Containers Using Open Source”
- “JWAT…Attacking JSON Web Tokens”
- “Decentralized Hacker Net”
- “EAPHammer … a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks”
- “LHT (Lossy Hash Table) … Cracks passwords or keys from a small key space near instantly”
- “PCILeech … a direct memory access attack toolkit”
Prevent, Don't Remediate
The SoleGATE™ premise is simple: executable code in any type of non-executable content such as datafiles and datastreams is malware, and therefore should not be permitted to enter any organization. SoleGATE is also conclusive: content is either infected (quarantined) or it is not (clean). There is no behavioral analysis or guesswork, so you can prevent cyber threats instead of remediating the damage.
SoleGATE also protects against malware in active content and file-less malware. Active content such as macros is de-obfuscated no matter the level of nesting or encryption and evaluated using the patented DvC™ parser-based engine to determine its true purpose. Malicious scripts, links and URLs that may be hidden, self-extracting or even on remote servers are instantaneously analyzed and determined to be clean or not.
Get Solebit’s whitepaper on a transformative, evasion-proof approach against modern cyber-attacks that doesn’t require sandboxing. It will outline how to strengthen your cyber defenses dramatically by preventing attacks before they enter and harm your organization, your customers and your brand. Remediation is costly; prevention is not.