CIO Influence
CIO Influence News Networking Security

BeyondTrust Labs Report Demonstrates Removing Admin Rights and Implementing Application Controls Highly Effective in Preventing Malware

BeyondTrust Labs Report Demonstrates Removing Admin Rights and Implementing Application Controls Highly Effective in Preventing Malware

BeyondTrust, the worldwide leader in Privileged Access Management, announced the release of the BeyondTrust Labs Malware Threat Report 2021. The research provides insights into threats and privileged account misuse on Windows devices around the world. The report, based on real-world monitoring and analysis of attacks between Q1 2020 and Q1 2021, is produced by the BeyondTrust Labs team with collaboration from customers and incident response teams using BeyondTrust solutions. The report also dives into reoccurring threat themes and maps out tools, techniques, and procedures against the MITRE ATT&CK® Enterprise Framework.

The BeyondTrust Malware Threat Report report explored the 58 techniques in the MITRE ATT&ACK Framework lists for Cobalt Strike threat emulation software, using Privilege Management for Windows, against 150 current malware strains.

Recommended ITech News: CareRev Transforms Customer Experience and Cures Business Communications Efficiency With Dialpad Cloud Solutions

Key report findings:

  • Absent the right protection, malware will disable endpoint security controls and undermine security investments.
  • The use of native tools to perform fileless attacks in the initial stages of attack is a growing trend, enabling attackers to gain a strong foothold by establishing a persistence mechanism with security controls disabled.
  • The MITRE ATT&CK Framework is effective in distilling a wide range of malware strains and cyberattacks into component techniques, which can then be mitigated.
  • BeyondTrust Privilege Management for Window’s out-of-the-box policies proactively disrupted all 150 different, common attack chains tested.
  • Removal of admin rights and implementation of pragmatic application control are two of the most effective security controls for preventing and mitigating the most common malware threats.

“For decades, enterprises have made significant investments in security solutions in an attempt to strengthen their cyber defenses,” said James Maude, Lead Cybersecurity Researcher at BeyondTrust. “Many of these investments have proven to be ineffective, particularly with changes brought on by the pandemic. Security perimeters have dissolved, creating an exponential growth in attack surfaces, and rendering network monitoring and firewall technologies less effective. Endpoint privilege management solutions enable enterprises to reduce their attack surfaces, while gaining greater control over their digital infrastructure.”

Recommended ITech News: NS1 Integration with Datadog Bolsters Visibility at the Distributed Edge

While ransomware has clearly evolved, the fundamental needs to execute code and leverage privileges have largely remained consistent. Whether it’s ransomware hitting a single endpoint, or a sophisticated, tailored attack, the benefits of proactively reducing attack surfaces by removing admin accounts and controlling application execution are highly effective.

Threat actors work ceaselessly to evolve their operations and have matured significantly over the past year. Attackers are exploiting new exposures, using elevation of privilege attacks and sophisticated malware campaigns to take advantage of an enterprise’s often vulnerable front line of defense, their users.

Parallel to legitimate software companies trending towards SaaS, threat actors are shifting to Malware-as-Service (MaaS) with specialists emerging in different areas, including enterprise credential sales, initial access to a target organization, lateral movement capability, and payload delivery. Today, there can be many different pieces of malware that come together in an attack. A ransomware attack can be comprised of multiple threat actors, tools and platforms. And, as threat actors seek to maximize the disruption to organizations and extract the highest ransom payments, the ransomware model is also shifting towards human-driven, enterprise-wide attacks.

Recommended ITech News: FiberLight Brings New Dark and Lit Fiber Services To Coloblox Data Centers

There are thousands of malware variants appearing every day and a constant stream of zero-day threats and emergency patches. Defensive tactics that can be employed with BeyondTrust Privilege Management include:

  • Execution and Persistence – Control code and what can execute through allow listing, limiting the attacker’s ability to succeed.
  • Privilege Escalation – Without access to a local administrator or other privileged accounts, the attacker is limited in the systems and data they can access.
  • Defensive Evasion – To evade detection, an attacker needs both the privileges and the ability to execute code to tamper with system settings and security tools.

Recommended ITech News: Kivu and Fortalice Partner to Deliver Full Suite of Cybersecurity Services to Joint Customers

Related posts

Introducing SupplyController The Cutting-Edge Replacement for SupplyLink by SupplyPro

PR Newswire

120Water Platform Selected to Manage Indiana Lead Service Line Database

DAS42 Media & Entertainment Subscriber Analytics Expertise in the Spotlight at Snowflake’s Media Data Cloud Launch

CIO Influence News Desk

Leave a Comment