Sophos is well-known to IT security professionals for helping organizations protect sensitive digital and technical assets as well as providing key industry research via SophosLabs. For the 2019 Siouxland Cybersecurity Forum, Xigent invited Jason Shupp, director of sales engineering at Sophos, to speak on the direction of endpoint security.
Shupp reported that security threats – especially financial ones – are evolving at an alarming rate. In addition to well-publicized hacking and ransomware, organizations are now facing rising endpoint security threats from multi-stage and fileless malware, which accounted for about 35% of all attacks last year.
File-less malware is difficult to detect because it looks and acts like proper activity. Hackers use existing, trusted software such as Windows PowerShell to execute weaponized digital payloads under the guise of normal, expected activity.
Kill Chain Compression
Another emerging problem is that cyber-attacks are now advancing through their steps much faster than in the past. Experts have a name for it: “kill chain compression.”
- Two years ago, Petya proved that catastrophic action could take place in minutes, leaving no opportunity to stop the malware once it had been delivered. In one day, it infected and wiped 10% of all the PCs in Ukraine, costing billions of dollars in damages.
- According to the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA), Emotet is one of the most costly and destructive malware variants. Emotet attacks cost businesses an average of $1 million to remediate.
- Crimeware as a Service platforms are giving even casual bad actors sophisticated malware propagation tools. They provide sample code, help set ransom price and payment terms, collect the ransom and pay hackers a percentage of the profit.
“The bad guys are coming at you hot and heavy,” Shupp emphasized.
The Path Forward Is Layered Security
Today’s security teams must focus on layered endpoint security. Bad actors have the tools and the incentive to keep searching for IT vulnerabilities, and organizations can’t relax, because stopping an attack no longer means safety. Hackers will attack point after point until they find one they can exploit.
The blended nature of threats requires a multi-layered security approach. Device functionality is becoming more and more robust, from HTML display to file path investigation, creating more attack surfaces for hackers to target. Combine those multi-faceted attack vectors with compressed kill chains, and the need for a holistic, multi-layered defense is the only viable alternative.
How secure is your financial institution? Download our Network Security Guide for Banks to learn best practice tips and techniques for mitigating advancing threats.
Shupp told the audience that the operating system with the most recorded malware is Android, which has 2.5 billion active devices per month. Monitoring endpoints like Android and collecting the activity on those devices to analyze for malware has become a top priority.
Endpoints are positioned to add a valuable element to any defense in-depth strategy and add layers of security. Endpoints can provide key information, such as:
- Traffic type.
- Traffic source.
- Traffic destination.
When included in a strategic layered security operation, the endpoint can deliver that threat intelligence to the firewall, for example. The firewall can then block it as well as provide forensic data for relief and perhaps restitution. That’s why machine learning tools are becoming prevalent; they can add proactive endpoint detection and response (EDR) capabilities.
“Predictive security is the future.”
– Jason Shupp, Sophos
The astounding level of financial cyber-attacks requires banks to partner with highly skilled IT security experts for their access to the latest and most effective tools and information.