Many advanced hackers opt to skip the malware and use common admin tools. To detect those sneaks, monitor your network for unusual activity.
InfoWorld | Sep 15, 2015

A big paradigm shift is under way in the malware world. Less malware is being used in the biggest, most sophisticated attacks.
Instead, malicious intruders are using the legitimate tools built into various operating systems to do their dirty work. Legitimate tools, including remote management tools and scripting engines, are far harder to detect than single-purpose malware.
This is nothing new. In the early days of computing, legitimate tools offered the most common path to hacking. Computer viruses and Trojan horse programs didn’t show up in force until the late 1980s, and back then, they were more of a nuisance than a real threat.
Even in their heyday, malware and other nefarious tools have mainly been used to pry the door open: to steal logon credentials, to guess passwords, to dump password hashes, or to install backdoor and remote access programs. Once the bad guys were in, they would generally turn to common admin tools such as Remote Desktop to move from computer to computer.