Our Voice

CWSI announced as one of Ireland’s Best Managed Companies 2023.

CWSI, has been named as one of Ireland’s Best Managed Companies. The awards programme is led by Deloitte Ireland, in association with Bank of Ireland.

The ABC’s Of Threat Hunting.

When it comes to securing your environment, it’s important to understand your digital landscape and know where attacks can occur. Here are the two major types of cyber attacks to be aware of when hunting for threats.

Commodity Malware Attacks.

Commodity malware attacks typically begin with a user clicking a malicious link or installing an unwanted program. In these situations, remedying the problem is usually as simple as removing the malware, rebuilding the device, and/or resetting the affected user's credentials.

Typical malware attack strategy:

  • Leverage highly automated attack techniques.
  • Be focused on infecting large numbers of endpoints.
  • Be delivered using techniques that would appeal to many potential targets.

Human-Operated Attacks.

Human-operated attacks occur when attackers infiltrate a system and then expand the scope of the attack to varying degrees based on what they find in your network. In these situations, complete eviction of the attacker, together with every element they are connected to or control, is paramount.

Typical human-operated attack strategy:

  • Focus on specific targets.
  • Evade specific organisational protections.
  • Use customised tools designed specifically for the target.
  • Abuse legitimate administrative tools to avoid detection.

Know The ABC’s Of Threat Hunting.

Surviving a human-operated attack relies on your ability to identify signs of the attacker and their activity. Here’s a breakdown of what to look out for and how to stay protected.

Authentication

Authentication represents the identity aspect of an incident: which accounts and credentials the attacker obtained and used. Understanding the authentication aspect of an attack enables you to quickly identify suspicious activity and respond before the adversary has a chance to move further.

  • User accounts
  • E-mail addresses
  • Cloud identities
  • Cookies
  • Passwords
  • Shared credentials (e.g., SSH keys)
  • SAS (Shared Access Signature) tokens

Backdoors

Backdoors are the means, whether a legitimate feature or malicious code, by which an attacker retains control of a system or service. Researching the backdoor aspect of an attack can provide evidence of attacker techniques that may highlight other potentially compromised applications and systems.

  • Malware that provides remote access
  • Web shells
  • Remote administration tools
  • Accidental or intentional misconfigurations to provide remote access
  • Built-in management capabilities

Communication

The communication aspect of the attack identifies how the attacker interacted with the backdoor. Elements of this communication can be used to help identify other systems the attacker may have interacted with.

Examples of communication elements:

  • IP (Internet Protocol) addresses
  • Network routes
  • DNS (Domain Name System) names
  • Proxies
  • User agent strings
  • Network relays
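The three sections above describe what to look for (authentication anomalies, backdoor artefacts, communication indicators) but not how a hunt ties them together. The following script is an added example, not code from the CWSI page or from the Microsoft whitepaper it summarises. It runs over a few constructed log records (an authentication log and a web server access log, not real telemetry) and walks the ABCs in order: flag suspicious authentication, look for web shells as backdoors, then pivot on the communication elements (source IP and user agent string) to find other hosts the same actor touched. The internal address range, log layouts and web shell path patterns are assumptions chosen for the illustration.

```python
"""Added example: an A-B-C hunt over constructed sample logs (not real data)."""
import ipaddress
import re
from collections import defaultdict

# Assumption: the corporate network is 10.0.0.0/8; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Assumption: script files executed from upload/static paths are web shells.
WEBSHELL_RE = re.compile(r"^/(uploads|images|static)/[^/]+\.(aspx|php|jsp)$", re.I)

# Constructed authentication log: (timestamp, user, source_ip, result)
AUTH_LOG = [
    ("2024-03-01T08:01:00", "alice", "10.0.0.5", "success"),
    ("2024-03-01T08:05:00", "alice", "10.0.0.5", "success"),
    ("2024-03-01T09:00:00", "bob", "10.0.0.7", "success"),
    ("2024-03-01T23:41:00", "alice", "198.51.100.23", "success"),
    ("2024-03-01T23:42:00", "svc-backup", "198.51.100.23", "success"),
]

# Constructed web access log: (host, source_ip, method, path, user_agent)
WEB_LOG = [
    ("web01", "10.0.0.5", "GET", "/index.html", "Mozilla/5.0"),
    ("web01", "198.51.100.23", "POST", "/uploads/cmd.aspx", "python-requests/2.31"),
    ("web02", "10.0.0.7", "GET", "/about.html", "Mozilla/5.0"),
    ("web02", "203.0.113.9", "POST", "/images/shell.php", "python-requests/2.31"),
    ("web03", "203.0.113.9", "GET", "/login", "python-requests/2.31"),
    ("web03", "10.0.0.7", "GET", "/", "Mozilla/5.0"),
]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def hunt_authentication(auth_log):
    """Authentication: successful logons from outside the corporate range, and
    single source IPs that authenticate as more than one account."""
    accounts_by_ip = defaultdict(set)
    for _ts, user, ip, result in auth_log:
        if result == "success":
            accounts_by_ip[ip].add(user)
    findings = {}
    for ip, users in accounts_by_ip.items():
        reasons = []
        if not is_internal(ip):
            reasons.append("external source")
        if len(users) > 1:
            reasons.append("multiple accounts from one source")
        if reasons:
            findings[ip] = {"accounts": sorted(users), "reasons": reasons}
    return findings


def hunt_backdoors(web_log):
    """Backdoors: POST requests to script files under upload/static paths."""
    return [rec for rec in web_log if rec[2] == "POST" and WEBSHELL_RE.match(rec[3])]


def pivot_communication(web_log, seed_ips, seed_agents):
    """Communication: from known-bad IPs and user agents, list every host
    that saw the same indicator, so the hunt widens beyond the first find."""
    hosts = defaultdict(set)
    for host, ip, _method, _path, ua in web_log:
        if ip in seed_ips:
            hosts[host].add(f"ip:{ip}")
        if ua in seed_agents:
            hosts[host].add(f"ua:{ua}")
    return dict(hosts)


def run_hunt(auth_log, web_log):
    """Chain the three stages: auth findings and shell sources seed the pivot."""
    auth = hunt_authentication(auth_log)
    shells = hunt_backdoors(web_log)
    seed_ips = set(auth) | {rec[1] for rec in shells}
    seed_agents = {rec[4] for rec in shells}
    comms = pivot_communication(web_log, seed_ips, seed_agents)
    return {"authentication": auth, "backdoors": shells, "communication": comms}


if __name__ == "__main__":
    for stage, result in run_hunt(AUTH_LOG, WEB_LOG).items():
        print(stage, result)
```

On the sample data the authentication stage flags 198.51.100.23 (external, and used by both alice and svc-backup), the backdoor stage finds shells on web01 and web02, and the communication pivot on the shared user agent and the second source IP pulls in web03, which had no shell of its own but was clearly touched by the same actor. Real hunts use the same shape with richer indicators (DNS names, proxy logs, network routes) and a baseline built from more than a handful of records.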

Develop Your Own Threat Hunting Program.

Building your own threat hunting team requires bringing together the right people and giving them enough time and the right technology and training to succeed. Here’s how to get started.

Use Your Human Talent Wisely.

Automate repetitive tasks and focus your human talent on tasks requiring expertise, judgement, and creative thinking.

Choose Team Players.

“Lone wolves” aren’t ideal in high-pressure work environments where collaboration is needed. Instead, aim for enthusiastic collaborators.

Adopt A “Shift Left” Mindset.

Learn to fine-tune your approach in real time to remain adaptive in the face of unpredictable attacks.

Read The ABC’s of Threat Hunting Whitepaper.

Discover how to prepare for unexpected threats.

Original source: Microsoft Security, "The ABC's of Threat Hunting" (Microsoft Security Experts).
