It's safe to say that the sophistication of today's criminals is far outpacing the evolution of the defenses they are attacking.
A great example of this mismatch is the explosion of malware executing modern battlefield attacks.
These attacks first started emerging in the mid-2010s, but it wasn't until recent years that there has been a surge in activity; recent Aqua Nautilus research shows there's been a 1,400% increase in modern-battlefield attacks in 2023.
That's a staggering figure, and when you consider that most security teams rely on detection-based solutions to detect and mitigate these attacks, there's good reason for concern.
That's because detection-based solutions depend on attacks leaving behind evidence, such as attack patterns and signatures, that helps teams identify them.
With attack chains increasingly targeting device memory during runtime, the signatures to detect or behavior patterns to analyze are no longer there.
For those less familiar with modern cyber battlefield attacks, they can be installed with or without associated files, and their preferred area of operation lies in a very specific lane: the window between an end user starting an application and closing it.
The reason attackers target this space is because what occurs in device memory during an application's runtime is mostly invisible to defenders.
To catch an attack in progress, a defense would need to scan device memory multiple times during the application's lifetime while listening for the correct triggering operations and finding malicious patterns.
I haven't even touched on the fact that these attacks also sidestep or tamper with the hooks most solutions use to spot attacks in progress.
This allows attackers to linger undetected for extended periods: a remote access trojan, infostealer, or loader operating from application memory stays in a network for an average of around 11 days.
Modern Battlefield's Many Faces

The modern cyber battlefield comprises more than a single type of threat - it's a feature of attack chains that leads to a wide range of outcomes.
Ransomware, for example, is not necessarily a threat associated with memory runtime attacks.
In industries like finance, where Linux is used to power virtualization platforms and networking servers, there's been a violent surge in attacks.
Attacks often compromise business-critical servers in-memory to set the stage for information theft and data encryption.
Stopping the Modern Cyber Battlefield Madness

From businesses to government entities and everything in between, the key is to begin focusing on stopping threats against application memory during runtime.
That's because the modern cyber battlefield and fileless malware are essentially invisible, and traditional security techniques, which build a castle wall around protected assets and rely on detecting malicious activity, won't do you any good.
What makes AMTD (automated moving target defense) so effective is that it creates a dynamic attack surface that even advanced threats cannot penetrate.
As a result, attackers cannot reuse an attack on the same endpoint or any other endpoint.
Now, rather than detecting attacks after they've happened, AMTD technology does what detection-based solutions cannot: it proactively blocks attacks without the need for any signatures or recognizable behaviors and, in doing so, makes Modern Battlefield attacks ancient history.
This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Sat, 16 Dec 2023 17:43:05 +0000