SAN FRANCISCO – Sometimes, a targeted attack against a business starts at home. In the corporate world, security comes from layered defenses that sometimes prove to be too much for an attacker. However, when it comes to systems at home, such protections are rare, if they exist at all.
It’s an unfortunate reality. People don’t keep their systems updated, whether that means applying patches or maintaining their security software. This leaves them wide open to attack, and sometimes this is just the key a criminal needs to access the corporate network. When this happens, the attacker has used the classic method of attacking the path of least resistance.
“I think that people are the easiest. The social engineering aspect, I think is the path of least resistance. And it’s the most difficult to protect against as well. It comes down to training and awareness about vulnerabilities,” commented Tiffany Rad, a member of Kaspersky Lab’s Global Research and Analysis Team.
Common sense isn’t something that can be taught. A person either has it or they don’t. However, avoiding the social aspect of an attack can and should include awareness training. Teach employees to think twice about something that just doesn’t seem right or feels different and to ask questions, Rad added.
When it comes to protecting assets at home, and the information contained on them, it’s hard to enforce corporate policy outside of the office, especially when the employee is using a system that is theirs entirely and not something purchased for them by the company.
Yet, Rad mentioned that she thinks that some companies, especially those that have business with the government, do stress the need to keep systems updated, and they do make employees (especially those at the C-level) aware of the fact that they may be targeted due to the nature of their work or the level of access they possess.
Still, all the awareness in the world won’t protect a system if it is vulnerable to a known exploit, compromised due to user error, or passively attacked via a malicious website.
During a launch event for their upcoming 2014 product line, Kaspersky Lab introduced the Zero-Day, Exploit, and Targeted Attack (ZETA) technology, as one of the latest developments to protect the systems of those individuals that represent the path of least resistance to an attacker.
ZETA is designed to counteract targeted attacks that rely on exploits targeting software vulnerabilities, by scanning the data stream for code fragments with the characteristics of exploits. If such things are detected, then the attack is halted.
By working with data streams instead of individual files, ZETA is able to provide a deeper analysis of incoming data, and identify non-standard elements and the connections between them – which may be a strong indicator of a potential threat.
Updates to ZETA are managed by a dedicated group of researchers who study techniques used by exploits to spread and compromise systems, in addition to the constant stream of data from Kaspersky’s cloud network. It was initially part of Kaspersky’s Linux Mail protection for businesses, but it was soon ported to the consumer line after proving its effectiveness.
In the end though, while technologies like ZETA can be a huge help in defending against targeted attacks, they are not a silver bullet. The best defense will come from a solid offense in the form of layered protection and a healthy sense of awareness.
Disclosure: Accommodations for SecurityWeek to attend the Kaspersky Lab product launch event were provided by Kaspersky Lab under the condition that no coverage was guaranteed, nor would positive coverage be guaranteed.