On October 3rd, 2018, the United States Computer Emergency Readiness Team (US-CERT) released a report outlining an advanced persistent threat that could impact hundreds of thousands of small- to medium-sized businesses nationwide.
The threat has been made public under Alert TA18-276B (https://www.us-cert.gov/ncas/alerts/TA18-276B) and identifies how a number of legitimate network tools have been compromised. According to the report, these hostile tactics, techniques, and procedures (TTPs) have been ongoing since May 2016.
The threat is compounded by the widespread belief that smaller businesses are less likely to be targeted by cyber criminals or foreign threat agents. That belief is false, however: reports show that 60% of small businesses are hacked each year.
Wednesday’s report from US-CERT outlines the technical aspects of this threat, as well as its potential impacts on business owners and end users:
“A successful network intrusion can have severe impacts to the affected organization, particularly if the compromise becomes public. Possible impacts include
- Temporary or permanent loss of sensitive or proprietary information,
- Disruption to regular operations,
- Financial losses to restore systems and files, and
- Potential harm to the organization’s reputation.”
Addressing this Cybersecurity Threat
The threat actors outlined in the report cannot be stopped by passive measures alone, such as anti-virus software or firewalls, because many of the legitimate tools that have been compromised by hackers are built to bypass these defenses.
For this reason, US-CERT’s recommendations for mitigation and remediation include active monitoring and planned incident response. Simply put, it’s impossible to stop these threats without an actual human watching logs for suspicious activity, investigating the activity, and putting a stop to it.
What is a SIEM/SOC Solution?
Security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.
Integral Networks Is Ready to Help
We offer our clients the type of SIEM/SOC solution recommended by US-CERT to counter this threat. Our SOC provides 24/7 threat monitoring and response, allowing our cybersecurity experts to monitor your network and endpoints for suspicious activity.
Our analysts will detect and remediate the threats outlined in this recent US-CERT alert, as well as countless others.
Cyber criminals are becoming more skilled, and thus more dangerous, by the day. Their tools and tactics are always evolving, making it very difficult for static defenses to keep up. The most reliable and comprehensive defense is active, vigilant monitoring, which is why we’re proud to offer this level of peace of mind to our clients.
Make sure your business is not one of the 60% that will be hacked this year. Contact us and we can begin monitoring your network and devices in as little as one hour.