Education & Training: The Downfall of File-less Attacks (AVT)

Whilst we are all aware of file-less or zero-footprint attacks, the growth in their use has been alarming. With regular anti-virus tools less likely to detect them, how can the ‘savvy’ CIO guard against them?

The answer lies squarely in the need for the education and training of employees, ensuring they fully understand exactly what an advanced volatile threat (AVT) is and what to do should one be suspected.

AVTs live in memory; they never touch the disk and can only steal information when the computer is running. The exposure ends when the user shuts down the machine.

From a technical point of view, the only way to deal with AVTs is with anomaly-based detection tools, which live on each individual computer or server. These tools look at all system activity, even down to keystroke patterns, and distinguish normal from abnormal behavior.

In the case of an AVT, detection is likely because it will probably open a service to enable an external connection. It is through this service that data is sent. Hence, the behavior would be deemed abnormal, detected and shut down.
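The detection idea described above, as an added example that is not from the original article: a host's baseline of which processes listen on which ports is compared with a later snapshot, and a new listener that also holds an external connection is rated highest. The process names, ports, addresses, internal range and snapshot format are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Socket:
    process: str
    local_port: int
    state: str            # "LISTEN" or "ESTABLISHED"
    remote_ip: str = ""   # empty for listeners

# Constructed sample data: the (process, port) pairs this host normally exposes.
BASELINE = {("sshd", 22), ("nginx", 443)}
# Assumption: address ranges the organization treats as internal.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Constructed snapshot taken later on the same host.
SNAPSHOT = [
    Socket("sshd", 22, "LISTEN"),
    Socket("nginx", 443, "LISTEN"),
    Socket("nginx", 443, "ESTABLISHED", "10.0.4.17"),
    Socket("updater.exe", 50123, "LISTEN"),
    Socket("updater.exe", 50123, "ESTABLISHED", "203.0.113.50"),
    Socket("backup-agent", 9100, "LISTEN"),
]

def is_external(ip: str) -> bool:
    """True when the peer lies outside every internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def find_anomalies(baseline, snapshot):
    """Flag listeners missing from the baseline; 'high' if they talk externally."""
    listeners = {(s.process, s.local_port) for s in snapshot if s.state == "LISTEN"}
    findings = []
    for process, port in sorted(listeners - baseline):
        peers = sorted({s.remote_ip for s in snapshot
                        if s.state == "ESTABLISHED"
                        and (s.process, s.local_port) == (process, port)
                        and is_external(s.remote_ip)})
        findings.append({"process": process, "port": port,
                         "external_peers": peers,
                         "severity": "high" if peers else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(BASELINE, SNAPSHOT):
        print(finding)
```

A new listener with no external peer is still reported, at "review" severity, because an unapproved service is a baseline deviation even before any data leaves the host.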

The Business Continuity Institute’s (BCI) Cyber Resilience Report called for improved user education after revealing that nearly two-thirds (64%) of global firms have experienced at least one cyber ‘disruption’ in the past year. The report comprised interviews with 734 respondents from 69 countries, showing that user education is a global issue.

Phishing and social engineering were found to be the primary cause of more than half (57%) of disruptions, highlighting the urgent need for improved user education.

Click here to read the full article in Info Security Magazine