Microsoft Cyber Sleuth: Stealth Attacks are the Top Threat

  • By Andrew Deichler
  • Published: 6/5/2015
REDMOND, WA—During a special press event at Microsoft’s Cybercrime Center, Richard Boscovich, assistant general counsel of Microsoft's Digital Crimes Unit, warned corporate treasury and finance professionals to be on the lookout for “stealth” attacks.

If anyone knows a thing or two about cybercrime, it’s Boscovich. His Digital Crimes Unit has been involved in taking down 15 botnets, including the infamous Citadel botnet, which was responsible for more than half a billion dollars in losses worldwide.

Although some experts have warned treasurers to watch out for integrity attacks that can alter company data and make it worthless, Boscovich isn’t particularly concerned. He explained that “sloppy” integrity attacks are fairly easy to identify.

Instead, Boscovich sees cybercrime trending more towards sneaky, “stealth” attacks that are much harder to detect. “You’re going to see small pieces of code infecting computers, and then little by little, those pieces will assemble as they go out to the internet,” he said. “They’re going to be dormant there and they’re going to just be used for information collection. I think those are the much more serious threats.”

As cyber defenses improve, these threats become more compartmentalized, Boscovich explained. “You’re going to have a piece of code that goes through antivirus because it’s not a complete piece of malware, so there’s no signature,” he said. “Once it drops, then it slowly goes out and downloads individual components.”

The 2013 Target breach is the most well-known example of a stealth attack. “In the Target case, it was pieces of code that had no signature,” Boscovich said.

Boscovich likened stealth attacks to 15 passengers on an airplane sneaking gun components on board so that they can then assemble the gun once they’re in the air. The components themselves pass through security because they appear innocuous, but obviously, once assembled, the threat is apparent.

Invest in alerts… and use them

Fortunately, these stealth attacks are not insurmountable. “They’re hard to catch, but not impossible to catch,” Boscovich said. “So we’ve never seen this piece of code; we don’t know what it is. It’s not malware, but you should still receive an alert that should lead you to do a further check-up.”

In the case of Target, the code that slipped in was unfamiliar but did not appear to be malware. Nevertheless, Target’s security system did in fact set off an alert. But Target had turned the alert system off. Had Target left the system on, its security team would have seen that there was something going on.

“The first piece of the code dropped, but no one was watching,” said Boscovich. “You can find it, but you have to have mechanisms in place that look into everything that comes in and set off alerts for any codes that haven’t been seen before. The code isn’t malware, so it’s not blocking it, but it sets it to the side and alerts the IT administrator of what’s coming in.”


Copyright © 2018 Association for Financial Professionals, Inc.
All rights reserved.