Colombia. Due to the development of new technologies, the information of companies becomes more vulnerable every day, creating different types of viruses that have affected their digital ecosystem.
Some examples of this new generation of malware are: the Wannacry Ransomware that was detected in May 2017, is active 11 months ago and raised more than 600 million pesos. Likewise, the Crypto Mining Oracle Weblogic that was detected in October 2017, is active 6 months ago and has raised more than 678 million pesos.
It has become increasingly complex to determine the type of malware, its scope and detection by its constant evolution and unpredictable development.
At present, companies have great challenges in hunting for malware and caring for valuable information. Jorge Imues, cybersecurity expert of the A3SEC group, has identified five of them that should be taken into account.
1. Have real visibility over the endpoint: Be able to store logs of network connections, changes on the system and user behavior.
2. Collect large volumes of information: All information collected must be on a Big Data platform that facilitates analysis and response activities.
3. Process and use the information collected: If the volume of information is very large, there are usually limitations on the storage of historical data, limiting the capacity for analysis.
4. Have the ability to analyze the information collected: It is not enough to have all the information centralized, you must know what to do with it. For example, being able to identify what is anomalous, knowing the taxonomy of new attacks and using that information to detect what really happened about the affected system.
5. Assess the risk of a threat: Once we understand that it has occurred, we enter to assess that threat in order to measure its real impact and make decisions about the remediation actions that are going to be executed, especially if expenses are incurred.
There are some types of technologies that help contain these types of cyberattacks and help in malware detection. Among some of them, there is Falcon crowdstrike, a solution that has the ability to analyze the machine in depth and counteract the possible damages of an attacker, to the point of isolating the compromised equipment.
This type of solutions generate analyses of this type: flow of processes executed over time and mutations to other legitimate processes of the system or applications of the users, the number of DNS connections that the machine has made, changes in the writing and reading of the hard disk, among others. Once the intrusion is confirmed, there is the possibility of isolating the computer from the network or simply continuing to observe the behavior of the attacker to identify more vulnerable points.
Today, companies must understand the great challenges that exist in the hunt for malware and use new technological tools to take care of privileged information and avoid millionaire losses in information security.
Leave your comment