Page 32 - Cyber Warnings
Figure 1 – Some recent POS intrusions
POS threats are a good example of how Threat Intelligence can be leveraged, because POS malware is typically far less widespread than commodity malware. Reserved for specific environments and using infrastructure that can often hide in plain sight, these threats may need to be sought out by teams using specialized tools and techniques, as opposed to waiting for alerts.
Commodity malware (also referred to as Crimeware) is the most common type of malware and includes threats like Ransomware, Banking Trojans, Downloaders and AdFraud bots, to name a few. In many cases the delivery channels for these infections are phishing emails, malvertising campaigns and compromised websites; all of these are also subject to False Negative scenarios, where detection is not available until the threat is discovered or published.
Figure 2 – Ransomware infection after being exploited by an Exploit Kit.
Many web-based infections involve multi-stage attacks (i.e. Exploit Kits) that change hosting infrastructure, URL patterns, exploitation techniques and payloads at a high frequency, all in an effort to stay one step ahead of detections.
Higher-end security solutions may be able to detect anomalous network traffic or exploit code; however, Exploit Kits have proven time and time again that the professional cybercriminal’s ability to adapt to modern detection technologies and evade them is constantly evolving.
Staying abreast of indicators like the patterns, domains and delivery channels associated with these threats can help organizations avoid them and reduce the impact of detection gaps.
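As an added illustration of hunting with these indicators (example code written for this page, not from the article or any vendor tool), this Python script runs a constructed domain list and URL-shape pattern over a few constructed proxy log lines, walks each landing-page hit back through its referrer chain to the delivery site, and pairs it with any binary fetched shortly afterwards. All hostnames, paths and log entries are made up.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed threat-intel indicators (hypothetical examples, not real IoCs).
INTEL_DOMAINS = {"landing.example-ek.test"}
# Landing pages rotate hosts but tend to keep a URL shape; a pattern catches unlisted hosts.
INTEL_URL_PATTERNS = [re.compile(r"^/[a-z]{8,16}\?[a-z]{2,6}=\d{4,}$")]

# Constructed proxy log: time client host path referrer content-type
PROXY_LOG = """\
2016-11-02T10:00:01 10.0.0.5 news.example.test / - text/html
2016-11-02T10:00:03 10.0.0.5 ads.example.test /serve?id=7 news.example.test text/html
2016-11-02T10:00:05 10.0.0.5 landing.example-ek.test /qwertyuiop?ab=12345 ads.example.test text/html
2016-11-02T10:00:09 10.0.0.5 cdn.example-ek.test /fjdksla.bin landing.example-ek.test application/octet-stream
2016-11-02T10:05:00 10.0.0.7 news.example.test / - text/html
2016-11-02T10:05:02 10.0.0.7 rotated-host.test /zxcvbnmasdfg?qq=987654 news.example.test text/html
"""
def parse(log):
    rows = []
    for line in log.splitlines():
        ts, client, host, path, ref, ctype = line.split()
        rows.append({"ts": datetime.fromisoformat(ts), "client": client, "host": host,
                     "path": path, "ref": None if ref == "-" else ref, "ctype": ctype})
    return rows

def is_landing(row):
    # Hit on a listed domain, or on the URL shape for a host not yet listed.
    return row["host"] in INTEL_DOMAINS or any(p.match(row["path"]) for p in INTEL_URL_PATTERNS)

def hunt(rows, window_s=30):
    """Return (client, delivery site, landing host, payload host or None) per landing hit."""
    by_client = defaultdict(list)
    for r in rows:
        by_client[r["client"]].append(r)
    findings = []
    for client, reqs in by_client.items():
        for i, r in enumerate(reqs):
            if not is_landing(r):
                continue
            # Walk the referrer chain back to the site that started the redirect.
            delivery = r["ref"]
            for prev in reversed(reqs[:i]):
                if prev["host"] == delivery and prev["ref"]:
                    delivery = prev["ref"]
            # A binary fetched within the window after the landing page is the likely payload.
            payload = next((n["host"] for n in reqs[i + 1:] if n["ctype"] == "application/octet-stream"
                            and (n["ts"] - r["ts"]).total_seconds() <= window_s), None)
            findings.append((client, delivery, r["host"], payload))
    return findings
```

The second client never reaches a listed domain, but the URL-shape indicator still surfaces the rotated host, which is the detection-gap case the text describes.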
Minimizing The Detection Gaps With Threat Intelligence
Armed with threat intelligence, security teams can proactively investigate and hunt for evidence of suspicious or malicious activity associated with the threats mentioned. Not every company
32 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide