Cyber thieves aren’t always as sensational, on closer examination, as the popular imagery their titles might evoke. They aren’t riding into your network on neon-lit motorcycles. Instead, malware is the vehicle they choose to discreetly gain access to networks, and in turn, a company’s intellectual property.
It can be hard to tell the difference between everyday malware and a cyber-espionage intrusion. The signs aren’t as obvious as you might hope. An espionage actor’s foothold on your network can look like more of the same bothersome, commonplace malware that your antivirus already picks up. Being able to spot the difference matters, because the response differs: a commodity infection is cleaned and forgotten, while an espionage intrusion has to be scoped and eradicated before your intellectual property leaves the building.
When tracking cyber-espionage at Dell SecureWorks, we look at the tools and infrastructure espionage actors use to facilitate an intrusion. Are intrusions coming from the IP addresses of known espionage actors? Are there signs of exfiltration to known malicious IP addresses or domains? Are certain internal systems beaconing on a regular schedule to unfamiliar sites, or sending copious amounts of data outbound, especially at odd hours of the day? Espionage actors are persistent and patient in working to gain a foothold on your network, but that very persistence can give them away: a timer-driven implant checks in with a regularity that no human user shows.
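The three tells described above (contact with known-bad infrastructure, regular beaconing to an unfamiliar destination, and large outbound transfers at odd hours) can be turned into a simple triage pass over outbound connection logs. The following is an added example written for this page; it is not SecureWorks or iSensor code. The log format, the indicator list, the host and destination names, the constructed sample entries and the thresholds are all assumptions chosen for illustration (the IP 203.0.113.45 is from the RFC 5737 documentation range).

```python
"""Triage outbound connection logs for three espionage tells:
known-bad destinations, periodic beaconing, and off-hours bulk transfers.

Added example, not SecureWorks code. Log format, indicators, names and
thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed indicator set; in practice this comes from a threat-intel feed.
KNOWN_BAD = {"203.0.113.45", "malicious.example.net"}

# Constructed sample log: "<ISO timestamp> <source host> <destination> <bytes out>"
# ws-12 checks in every ten minutes overnight, ws-07 browses normally during the
# day but pushes 60 MiB out at 03:15, and srv-02 touches a known-bad address.
SAMPLE_LOG = """\
2013-03-04T02:00:03 ws-12 relay.example-unknown.net 512
2013-03-04T02:10:03 ws-12 relay.example-unknown.net 498
2013-03-04T02:20:04 ws-12 relay.example-unknown.net 505
2013-03-04T02:30:03 ws-12 relay.example-unknown.net 511
2013-03-04T02:40:04 ws-12 relay.example-unknown.net 502
2013-03-04T02:50:03 ws-12 relay.example-unknown.net 509
2013-03-04T09:01:10 ws-07 www.example.com 2048
2013-03-04T09:04:55 ws-07 www.example.com 7120
2013-03-04T09:31:02 ws-07 www.example.com 1200
2013-03-04T10:47:40 ws-07 www.example.com 3300
2013-03-04T11:15:22 ws-07 www.example.com 900
2013-03-04T13:02:09 ws-07 www.example.com 4100
2013-03-04T03:15:00 ws-07 files.example-share.net 62914560
2013-03-04T14:22:31 srv-02 203.0.113.45 1024
"""


def parse_log(text):
    """Parse the constructed log into (timestamp, host, destination, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), host, dst, int(nbytes)))
    return records


def group_by_flow(records):
    """Group connections per (host, destination) pair, sorted by time."""
    flows = defaultdict(list)
    for ts, host, dst, nbytes in records:
        flows[(host, dst)].append((ts, nbytes))
    for events in flows.values():
        events.sort()
    return flows


def find_known_bad(records, indicators=KNOWN_BAD):
    """Tell 1: any contact with infrastructure already tied to espionage actors."""
    return sorted({(host, dst) for _, host, dst, _ in records if dst in indicators})


def find_beacons(flows, min_conns=5, max_cv=0.1):
    """Tell 2: a host talking to one destination at near-constant intervals.

    The coefficient of variation (stdev / mean) of the inter-connection gaps
    is close to zero when a timer drives the traffic rather than a person.
    Returns (host, dst, mean gap in seconds, cv) for each flagged flow.
    """
    beacons = []
    for (host, dst), events in flows.items():
        if len(events) < min_conns:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        cv = pstdev(gaps) / mean(gaps)
        if cv <= max_cv:
            beacons.append((host, dst, round(mean(gaps)), round(cv, 3)))
    return beacons


def find_offhours_bulk(records, night=range(0, 6), min_bytes=50 * 1024 * 1024):
    """Tell 3: copious outbound data during assumed off-hours (00:00-05:59)."""
    totals = defaultdict(int)
    for ts, host, dst, nbytes in records:
        if ts.hour in night:
            totals[(host, dst)] += nbytes
    return sorted((h, d, b) for (h, d), b in totals.items() if b >= min_bytes)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for hit in find_known_bad(recs):
        print("known-bad contact:", hit)
    for host, dst, gap, cv in find_beacons(group_by_flow(recs)):
        print(f"beacon: {host} -> {dst} every ~{gap}s (cv={cv})")
    for host, dst, nbytes in find_offhours_bulk(recs):
        print(f"off-hours bulk transfer: {host} -> {dst} {nbytes} bytes")
```

Against the constructed sample, the pass flags ws-12's ten-minute check-ins, ws-07's overnight 60 MiB upload, and srv-02's contact with the known-bad address, while ws-07's irregular daytime browsing passes clean. Two caveats a practitioner will want: legitimate software updaters and monitoring agents also beacon on a timer, so beacon hits need to be cross-referenced against an allowlist and destination reputation, and real implants often add jitter to their sleep interval, so `max_cv` has to be tuned against your own baseline rather than fixed at 0.1.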
Dell SecureWorks’ Intrusion Prevention Service (IPS) is built on our proprietary network intrusion prevention appliance, the iSensor, which includes detection for over 100 malware families identified as tools of espionage actors. We work to identify recognizable patterns in the malware and infrastructure used in known espionage-related intrusions. By adding these signatures to our database, SecureWorks is able to raise the red flag and provide countermeasures against espionage-related intrusions, in addition to everyday malicious-activity prevention.
Following up on these types of intrusions with an in-depth analysis of your environment also ensures that the espionage actors have been removed entirely and are not maintaining a foothold elsewhere on your network. When new malware is found, we look at its “fingerprints,” such as how it communicates, and add those signatures to the iSensor database, so detection becomes more formidable over time.
Maintaining the extensive code development, domains and servers needed to run intrusions against your network takes real dedication on the part of espionage actors. The SecureWorks team is equally dedicated to tracking the clues they leave behind, countering their intrusions and providing countermeasures to shut them down. Find out more at SecureWorks.com, and consider whether your business is a likely target for cyber espionage.