CrowdStrike Encourages The Use Of AI To Target Malwareless Attacks

At this year’s RSA Conference, CrowdStrike’s Joshua Shaprio said this:

In short, CrowdStrike has been dealing with about one malwareless incident a week over the last couple of quarters. That reaffirms data reported earlier this year that 71% of cyberattacks were carried out without malware, and it highlights the challenges cybersecurity teams face in trying to combat such compromises.

During their RSA keynote, CrowdStrike CEO George Kurtz and President Michael Sentonas used a case study to illustrate the “layer A problem”: the bad actor carries out in-depth reconnaissance and uses dedicated machines to hide its identity and avoid detection, and ends up with its own users on the network, free to exfiltrate data, compromise the cloud, and add itself as a SQL server admin. More on that in a moment.

From an Akamai report on that attack:
 
    “The attack starts with a password brute-force on the MySQL service. Once successful, the attacker runs a sequence of queries in the database, gathering data on existing tables and users. By the end of execution, the victim’s data is gone – it’s archived in a zipped file which is sent to the attackers’ servers and then deleted from the database. A ransom note is left in a table named WARNING, demanding a ransom payment of up to 0.08 BTC.”

During their RSA keynote, Kurtz and Sentonas both stressed that, without standard malicious code to detect, companies need strategies built on robust telemetry gathering from the endpoint to the cloud, finer-grained management of identity data, and the use of AI and machine learning to find anomalous activity in that data.
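The case study above is a chain of ordinary database activity rather than a malware sample, so the detection has to come from telemetry and sequence logic. The following is an added example, not code from CrowdStrike, Akamai or this post: it walks a constructed, simplified MySQL-style event log (the line format, the `src=`/`user=`/`sql=` fields, the sample addresses and the failure threshold are all assumptions) and tracks each source through the stages the Akamai description names: a password brute force that ends in a successful login, enumeration of tables and users, destructive queries, and creation of the ransom-note table named WARNING.

```python
"""Stateful detection of the malwareless MySQL intrusion chain described above.

Added example: the log format, thresholds and sample lines are constructed
assumptions, not a real MySQL log layout or any vendor's tooling.
"""
import re
from collections import defaultdict

# One event per line, in a constructed, simplified format (hypothetical):
#   <timestamp> <event> src=<ip> user=<name> [sql=<statement>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>\w+)\s+src=(?P<src>\S+)\s+user=(?P<user>\S+)"
    r"(?:\s+sql=(?P<sql>.*))?$"
)
# Stage 2: reading schema and account metadata right after logging in.
ENUM_RE = re.compile(r"\binformation_schema\b|\bmysql\.user\b", re.IGNORECASE)
# Stage 3: wiping data once it has been copied out.
DESTRUCTIVE_RE = re.compile(r"^\s*(DROP|TRUNCATE|DELETE)\b", re.IGNORECASE)
# Stage 4: the ransom-note table the report names.
RANSOM_RE = re.compile(r"^\s*CREATE\s+TABLE\s+`?WARNING`?\b", re.IGNORECASE)

# Constructed sample telemetry; addresses and names are placeholders.
SAMPLE_LOG = """\
2024-05-06T10:00:01Z auth_fail  src=198.51.100.7  user=root
2024-05-06T10:00:02Z auth_fail  src=198.51.100.7  user=root
2024-05-06T10:00:02Z auth_fail  src=198.51.100.7  user=root
2024-05-06T10:00:03Z auth_fail  src=198.51.100.7  user=root
2024-05-06T10:00:03Z auth_fail  src=198.51.100.7  user=root
2024-05-06T10:00:04Z auth_ok    src=198.51.100.7  user=root
2024-05-06T10:00:05Z query      src=198.51.100.7  user=root sql=SELECT table_name FROM information_schema.tables
2024-05-06T10:00:06Z query      src=198.51.100.7  user=root sql=SELECT user,host FROM mysql.user
2024-05-06T10:00:20Z query      src=198.51.100.7  user=root sql=DROP TABLE customers
2024-05-06T10:00:21Z query      src=198.51.100.7  user=root sql=CREATE TABLE WARNING (msg TEXT)
2024-05-06T10:01:00Z auth_ok    src=10.0.0.15     user=app
2024-05-06T10:01:01Z query      src=10.0.0.15     user=app sql=SELECT id FROM orders WHERE id=7
"""


def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def detect(log_text, fail_threshold=5):
    """Return {source_ip: [stages reached, in order]} for sources that hit any stage.

    fail_threshold is the number of consecutive failed logins that must precede
    a success for the login to count as a brute force (assumed value).
    """
    fails = defaultdict(int)
    stages = defaultdict(list)

    def mark(src, stage):
        if stage not in stages[src]:
            stages[src].append(stage)

    for ev in parse(log_text):
        src, kind, sql = ev["src"], ev["event"], ev["sql"] or ""
        if kind == "auth_fail":
            fails[src] += 1
        elif kind == "auth_ok":
            if fails[src] >= fail_threshold:
                mark(src, "brute_force_success")
            fails[src] = 0  # a success ends the failure run either way
        elif kind == "query":
            if ENUM_RE.search(sql):
                mark(src, "schema_enumeration")
            if DESTRUCTIVE_RE.match(sql):
                mark(src, "destructive_query")
            if RANSOM_RE.match(sql):
                mark(src, "ransom_note_table")
    return {src: reached for src, reached in stages.items() if reached}


def classify(stages):
    """Map the stages a source reached to a severity label (assumed scale)."""
    if "destructive_query" in stages or "ransom_note_table" in stages:
        return "critical"
    if len(stages) >= 2:
        return "high"
    return "medium"


if __name__ == "__main__":
    for src, reached in detect(SAMPLE_LOG).items():
        print(f"{src}: {classify(reached)} -> {' -> '.join(reached)}")
```

Each stage on its own is benign-looking (an admin also reads `information_schema`, and `DROP TABLE` is a normal operation), which is why the check keys on the sequence per source rather than on any single query. In the sample, the application user at 10.0.0.15 logs in cleanly and runs an ordinary query, so it never appears in the result.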

CrowdStrike CEO George Kurtz spoke about this to Bloomberg:

Dave Ratner, CEO, HYAS:

   “Increasing an organization’s visibility into the real-time activities inside the network is quickly becoming critical for business resiliency against modern attacks. The ability to identify anomalous outbound communications from both the IT and OT networks can dramatically reduce the elapsed time from infection to detection and remediation and may be the only signal that allows organizations to get ahead of an attack before data exfiltration, encryption, and other actions that impact business continuity.”
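Ratner's point is that the outbound side of the network may be the only signal before exfiltration. As an added example that is not HYAS's product or method, the block below builds a per-host baseline of which destinations a host normally talks to and how much it sends, then scores a later window against it, flagging destinations never seen from that host, byte volumes above mean plus three standard deviations, and hosts with no baseline at all. The flow tuples, addresses, thresholds and the fallback for a constant baseline are all constructed assumptions.

```python
"""Baseline-and-deviate check for outbound communications per host.

Added example, not any vendor's product: flow records are constructed
(host, destination, bytes_out) summaries and the thresholds are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline window: what each host normally talks to, and how much.
BASELINE = [
    ("ws-01", "10.0.0.5", 1000), ("ws-01", "203.0.113.9", 1200),
    ("ws-01", "10.0.0.5", 1100), ("ws-01", "203.0.113.9", 1300),
    ("ws-01", "10.0.0.5", 1200), ("ws-01", "203.0.113.9", 1100),
    ("ws-01", "10.0.0.5", 1000), ("ws-01", "203.0.113.9", 1200),
    ("db-01", "10.0.0.5", 500), ("db-01", "10.0.0.5", 500),
]
# Constructed observation window to score against that baseline.
OBSERVED = [
    ("ws-01", "10.0.0.5", 1300),           # known destination, normal volume
    ("ws-01", "198.51.100.7", 5_000_000),  # never seen before, huge transfer
    ("db-01", "10.0.0.5", 1500),           # known destination, volume jump
    ("srv-02", "203.0.113.50", 800),       # host absent from the baseline
]


def build_baseline(flows):
    """Collect, per host, the set of destinations and the list of bytes_out samples."""
    profile = defaultdict(lambda: {"dests": set(), "bytes": []})
    for host, dst, nbytes in flows:
        profile[host]["dests"].add(dst)
        profile[host]["bytes"].append(nbytes)
    return dict(profile)


def volume_threshold(samples, z=3.0, min_ratio=2.0):
    """Bytes above which a single flow counts as a volume spike for this host."""
    mu = mean(samples)
    sd = pstdev(samples)
    # A constant baseline gives sd == 0, which would flag any increase at all;
    # fall back to a ratio of the mean so the check stays meaningful (assumption).
    if sd == 0:
        return mu * min_ratio
    return mu + z * sd


def score_flows(profile, flows, z=3.0):
    """Return one alert per observed flow that deviates from the host's baseline."""
    alerts = []
    for host, dst, nbytes in flows:
        reasons = []
        base = profile.get(host)
        if base is None:
            # A host we have never profiled cannot be judged normal; surface it.
            reasons.append("no_baseline_for_host")
        else:
            if dst not in base["dests"]:
                reasons.append("new_destination")
            if nbytes > volume_threshold(base["bytes"], z):
                reasons.append("volume_spike")
        if reasons:
            alerts.append({"host": host, "dst": dst, "bytes": nbytes, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in score_flows(build_baseline(BASELINE), OBSERVED):
        print(f"{alert['host']} -> {alert['dst']} ({alert['bytes']} B): "
              f"{', '.join(alert['reasons'])}")
```

In practice the tuples would come from NetFlow, proxy or DNS logs aggregated per host and per window, and the baseline window must be long enough to cover normal weekly variation; the point of the example is that the combination of a never-seen destination and an unusual volume from the same host is the kind of signal that shows up before the data is actually gone.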

Clearly, the use of AI by those who defend against attacks is growing; just look at the announcement Google made at RSA. This is something defenders need to consider in order to keep our digital assets safe.
