In the last 12 months, enterprise businesses paid up to 1.2 million dollars for recovery from targeted attacks. But to fight off one of these attacks, a business needs multiple methods of defense.
These include experienced security teams, global security intelligence and immense cybersecurity tools. An innovation from Kaspersky Lab is set to help businesses cope with this challenge - as part of its mission to arm businesses with the cutting-edge cybersecurity solutions they need, the leading cybersecurity company, has patented new technology that automates the detection of one of the most effective weapons in a cybercriminal's arsenal - remote control tools.
Cybercriminals take remote control of victims' computers in order to conduct malicious activities unnoticed, often reaching out to Command- and- Control servers through encrypted communication channels. Once installed on a user's computer, remote control tools gain administrator access, giving cybercriminals the capacity to obtain confidential information about the user, and allowing them to perform any active on that user's computer, including transmitting information about the results of their operations to computer network attackers.
This is especially dangerous in corporate networks, where intellectual property can be unearthed and unlimited damage caused, if remote control goes undetected.
To efficiently detect remote control programs, antimalware solutions need to leverage complex behavioral protection systems. With its latest patent, Kaspersky Lab has expanded its abilities in this area, with new technology capable of detecting remote control applications, even if they run on encrypted channel.
The new technology works by analyzing application activity, and searching for anomalous behavior across a user's computer. It picks up on any dependencies between activities occurring on the computer, and their causes.
Also Read
By comparing these dependencies with defined patterns of behavior, the technology can then make a decision about the registration of the remote attacker's computer. It can then identify the remote control being used via unknown or even compromised safe applications or their components.
"The detection of remote control attacks in encrypted channels is crucial for targeted attacks protection as this is the early stages of the kill chain. Remote control tools distributed within the network and during the search for, and theft of, valuable data. That's why it is important to be able to detect such behavior in a very beginning. This technology will allow security officers to prevent incidents where previous layers of protection have failed to work," said head of research and development of Anti Targeted Attack Platform at Kaspersky Lab, Artem Serebrov.
The newly patented technology will become the part of Kaspersky Anti Targeted Attack solution starting 2018. Kaspersky Anti Targeted Attack is part of the Kaspersky Lab enterprise security portfolio, which covers different areas of IT security such as endpoint protection, DDoS protection, cloud security, advanced threat defense and cybersecurity services.
Disclaimer: No Business Standard Journalist was involved in creation of this content