Today’s networked environments have become more diverse and complex. In this video, learn how to evaluate the evolution of malware and the danger of encrypted web traffic and see how artificial intelligence helps level the playing field.
- [Narrator] Today's threat landscape is complex and continues to evolve. Current cyber threats pose a risk to businesses, governments and individuals. Malware is becoming more aggressive. We are experiencing everything from network-based ransomware worms to devastating wiper malware. Malicious actors are designing sophisticated malware that is polymorphic in nature and alludes detection. This behavior makes it even more difficult to combat malware because the signatures are constantly changing. Today a large percentage of global traffic is encrypted. However, this is a two-edged sword. We know that encryption is used to protect our data from prying eyes. However, malicious actors are using encryption to conceal their activity, such as communication with a command and control server and moving through your network in the form of an advanced persistent threat. When cyber criminals use encryption to conceal their activity, it's like hiding in plain sight. Email continues to be an attack vector and malicious actors are doubling down on using email and spam as a way to get into an organization. They are using specially crafted spear phishing attacks that prey on our fears, such as using a current event to lure someone into opening an email. Because of the expansion of the internet of things, this is another attack vector to gain access to an individual, government or business. Many IoT devices are untested and have many vulnerabilities which can lead to an attack such as a burst attack which is a denial of service attack that showers the victim with aggressive amounts of traffic to shut down a service. When we think of network attacks, we can group them into three broad categories reconnaissance, access, or denial of service attacks. Reconnaissance attacks are passive attacks used to gather information, map a network, profiling the host, or searching for vulnerabilities. Access attacks take advantage of vulnerabilities in order to gain access to systems. Access attacks can use any number of different techniques that include man in the middle, spoofing and social engineering. Denial of service attacks overwhelm a target by sending large amounts of traffic with the goal of locking out legitimate users. Most denial of service attacks are distributed and use armies of botnets or zombies to launch the attack. The zombies communicate with the command and control server who issues instructions on when to launch an attack. Evasion methods are common with most attacks as the malicious actor seeks to remain undetected for as long as possible. Evasion methods include using encryption, fileless automation, tunneling, and steganography. Malicious actors are constantly developing new attack methods. As a result, the security specialist must be aware of the latest attack methods as early detection is essential in preventing an advanced persistent threat.