Over the last three or so years, North Korea is reported to have stolen an estimated $2 billion through cyber-attacks targeting cryptocurrency exchanges and banks.
Lazarus Group, which is believed to be connected to the North Korean government, is said to be behind the attacks. The hacking group has also been linked to other well-known cyber-attacks, including the WannaCry ransomware attack that crippled the NHS in 2017.
Towards the end of May 2019, an unnamed African bank became one of the many financial organisations targeted by this large-scale theft campaign. The attackers had infiltrated the bank’s infrastructure and had begun making a small number of low-value transactions to other banks located in Bulgaria.
The heist was thwarted when suspicious recurring patterns were identified in the metadata of encrypted traffic leaving the bank’s network.
Sandboxing, behavioural analytics and AI
This multi-faceted attack was highly sophisticated. Encryption was used to evade detection, with the hackers burying ‘command and control’ calls in outgoing traffic flows. However, this attack was not unique: hackers are increasingly using encrypted traffic flows as an attack channel.
So, what can you do to protect your business?
Advanced threat detection goes beyond basic security analysis — working on a deeper level to uncover attacks which employ advanced malware to evade detection by traditional antivirus solutions, firewalls, intrusion prevention systems and other network security solutions.
Two of the most common advanced threat detection techniques are sandboxing and behavioural analysis. Sandboxing isolates a program from other programs and networks, allowing suspected malware to run in a virtual environment so that its behaviour can be analysed without affecting a real device or exposing sensitive data.
Unlike traditional antivirus software, advanced threat detection solutions use sandboxing to identify malware based on its behaviour rather than through fingerprinting — helping to discover and contain malware that would otherwise go undetected.
An alternative method is to scan the metadata of the encrypted traffic, using behavioural analytics to identify and understand traffic patterns, whether normal or malicious. Although behavioural analytics systems don’t take action based on the findings, they do alert cyber security teams to any anomalies, providing them with actionable insights.
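To make the idea of “recurring patterns in the metadata of encrypted traffic” concrete, the following is an added example, not code from the original post and not CyGlass’s own logic. It works purely on constructed flow records (timestamp, source, destination, port, bytes sent), as a firewall or NetFlow export would provide, and flags connections whose timing and sizes are suspiciously regular without ever looking at the encrypted payload.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow-metadata records: (timestamp in seconds, src, dst, dst_port, bytes_out).
# The traffic is TLS on port 443, so only this metadata is available to the analyst.
FLOWS = [
    # A "heartbeat" to one external host roughly every 300 s with near-identical sizes.
    (0, "10.0.5.12", "203.0.113.7", 443, 1460),
    (301, "10.0.5.12", "203.0.113.7", 443, 1468),
    (598, "10.0.5.12", "203.0.113.7", 443, 1452),
    (902, "10.0.5.12", "203.0.113.7", 443, 1460),
    (1199, "10.0.5.12", "203.0.113.7", 443, 1475),
    (1503, "10.0.5.12", "203.0.113.7", 443, 1458),
    (1797, "10.0.5.12", "203.0.113.7", 443, 1461),
    # Ordinary web browsing from the same host: irregular timing and sizes.
    (12, "10.0.5.12", "198.51.100.20", 443, 5120),
    (40, "10.0.5.12", "198.51.100.20", 443, 820),
    (55, "10.0.5.12", "198.51.100.20", 443, 23000),
    (400, "10.0.5.12", "198.51.100.20", 443, 1400),
    (410, "10.0.5.12", "198.51.100.20", 443, 9800),
    (1210, "10.0.5.12", "198.51.100.20", 443, 300),
    (1600, "10.0.5.12", "198.51.100.20", 443, 6600),
]


def beacon_candidates(flows, min_flows=6, max_interval_cv=0.15, max_size_cv=0.20):
    """Group flows by (src, dst, port) and return those whose inter-arrival times and
    byte counts are both highly regular (low coefficient of variation), which is the
    metadata signature of periodic command-and-control check-ins.
    Returns a list of (key, flow_count, mean_interval_seconds)."""
    groups = defaultdict(list)
    for ts, src, dst, port, size in flows:
        groups[(src, dst, port)].append((ts, size))

    findings = []
    for key, recs in groups.items():
        if len(recs) < min_flows:  # too few observations to call anything periodic
            continue
        recs.sort()
        intervals = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        sizes = [size for _, size in recs]
        if mean(intervals) <= 0 or mean(sizes) <= 0:  # guard against degenerate groups
            continue
        interval_cv = pstdev(intervals) / mean(intervals)
        size_cv = pstdev(sizes) / mean(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            findings.append((key, len(recs), round(mean(intervals), 1)))
    return findings
```

In practice the thresholds must be tuned per environment, since legitimate software updaters and monitoring agents also beacon; the output is an alert for an analyst to triage, not an automatic block.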
However, new types of malware are created in their thousands every day, making it impossible to counter cyber threats through human effort alone. As such, artificial intelligence (AI) and machine learning have enormous potential to improve your business’s cyber security posture. AI tools help you stay one step ahead of hackers and minimise vulnerabilities before they can be exploited. They can also take over fundamental but monotonous tasks, allowing security teams to focus on higher-level work.
Utilising best-in-class applications
Advanced threat detection plays a critical role in protecting data from advanced and persistent malware attacks. Implementing these types of solutions will help you detect even the most sophisticated malware — providing a vital source of threat intelligence, which helps to improve detection-to-containment times and aids in follow-up investigations.
Software as a Service (SaaS) applications such as CyGlass would have helped significantly in the African bank scenario. CyGlass identifies, detects and responds to network-based cyber-attacks in real time using an ensemble of AI algorithms, which learn the customer’s network and can detect threats of unknown origin without requiring rules or policies to be set up.
By leveraging the power of AI, CyGlass can analyse patterns, large volumes of traffic, access points and a range of other variables to identify potential threat sources and determine the likelihood of a breach. Through its management dashboard, CyGlass then allows your cyber security teams to drill down into each area of concern to determine the appropriate action to take.
At Burning Tree, we work with you to identify any cyber security threats — making the best use of advanced technologies, such as those from CyGlass, to remediate the issues identified. You can review our full list of technology partners here.