The famous hacker Albert Gonzalez was not troubled by antivirus. He and his teams wrote malware specifically designed to avoid detection.
Hackers like him upload malicious software directly into a server's memory and gain access to the data exchanged over a bank's corporate network.
Gonzalez was probably the most wanted hacker in internet history. He was eventually jailed for hacking into more than 250 businesses, including retailers such as TJX and the Hannaford Bros. chain, along with payment processing company Heartland.
The intercepted data cost hundreds of millions of dollars. Although many of these companies had antivirus software installed, they could never detect what the hacker was doing. Why?
Beware of the gaps
To be clear: antivirus is an important part of the security arsenal, and every day malware scanners detect and stop millions of pieces of malware. It is now essential software.
Antivirus tools work by scanning both static files and programs that run in memory. They use various techniques to detect malicious activities.
Signature scanning, for example, looks for known patterns in files and is an established method for finding malware. Antivirus tools also scan code as it runs in memory, looking for potentially malicious activity as it happens.
All of these are solid, reliable tools, but when attackers are determined enough, antivirus alone cannot stop them and secure your data.
The malware industry focuses on zero-day attacks, using obscure or completely unknown security vulnerabilities. A hacker smart enough to invent or discover one (and there are many) can bypass detection software.
The smart IT administrator uses complementary technologies to reduce the risk of an attack, and one is to look at all possible malware distribution channels.
Web protection software can reduce the risk by placing some web pages or groups of web pages on a blacklist. Filtering internet access is a great way to reduce the risk of infection by simply forbidding access to unnecessary web pages.
It is a worthy complement to an antivirus, which will try to detect anything installed through the browser. This multifaceted protection is a key principle of modern cyber security.
All it takes to say goodbye to the integrity of your network is to open a file or click on a link.
Another important carrier of infections is email. Attackers use it for phishing, and in some cases for spear phishing targeting specific companies.
Attackers can collect information about the organizational structure and employees of a company. The list of sources is endless: such information can be found in annual reports or on social media.
They use social engineering to persuade the victim, very convincingly, to open an attachment or a file containing a zero-day attack.
Employee training is very important here, but it should also be supported by a technological solution.
The best way to deal with threats delivered via email is to stop them before they are delivered to employees. The monitoring and filtering of emails is therefore an important part of any corporate cyber security strategy.
Emails can be checked for viruses and spam by an antivirus that scans for known signatures. This in itself can greatly reduce malware and hostile emails, increasing employee productivity as well as reducing the risk of a breach.
Using blacklists for known malware and using whitelists for identifiable sources, such as business partners and clients, can be an extremely useful technique for blocking emails.
For extra security, companies can keep unscrubbed emails away from their infrastructure. Pre-filtering protects employees not only from infected files but also from large volumes of spam. Filtering through a third-party service mitigates the problem by ensuring that the company's servers deliver clean communications.
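The email filtering described above, combining a blacklist, a whitelist and signature scanning of attachments, can be expressed as one decision function. This is an added example, not code from the original article; the domain names, list contents and function names are constructed for illustration, and it assumes the sender's domain has already been authenticated upstream.

```python
import hashlib
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed lists for the example; a real deployment loads these from its own feeds.
ALLOWED_DOMAINS = {"partner.example"}   # whitelist: business partners and clients
BLOCKED_DOMAINS = {"bad.example"}       # blacklist: known hostile senders
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-known-bad-sample").hexdigest()}

def attachment_hashes(msg):
    """Return the SHA-256 of every attachment, decoded from its transfer encoding."""
    return [hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest()
            for part in msg.walk() if part.get_filename()]

def classify(raw):
    """Verdict for one raw message: 'reject', 'quarantine' or 'deliver'."""
    msg = message_from_string(raw)
    # Assumption: the From domain was already authenticated upstream (SPF/DKIM/DMARC).
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hashes = attachment_hashes(msg)
    if domain in BLOCKED_DOMAINS:
        return "reject"
    # Signatures are checked even for whitelisted senders: a partner can be compromised.
    if any(h in KNOWN_BAD_SHA256 for h in hashes):
        return "reject"
    if domain in ALLOWED_DOMAINS:
        return "deliver"
    # Signatures only cover known samples, so an unknown attachment from an
    # unlisted sender is held for review instead of reaching the employee.
    return "quarantine" if hashes else "deliver"

def build(sender, attachment=None):
    """Construct a sample message (test data, not a captured email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@corp.example", "Invoice"
    m.set_content("See attached.")
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="invoice.bin")
    return m.as_string()

if __name__ == "__main__":
    for sender, data in [("x@bad.example", None), ("a@partner.example", b"report"),
                         ("u@unknown.example", b"never seen before")]:
        print(sender, "->", classify(build(sender, data)))
```

The quarantine branch is where the signature gap shows: a file no scanner has seen before matches nothing on the list, so the filter falls back on who sent it.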
Even if all the above measures have been taken, there is still the possibility that a company's systems are vulnerable.
For hackers like Gonzalez, or the Sony Pictures hackers, a system scan and email filters are not enough.
Make sure the software you run on your computers is up to date and has no known vulnerabilities.
Patches, and more generally any kind of information, are vital as IT infrastructures become more complex. Understanding an update and installing it on your systems can help managers prevent imminent breaches.
All these steps, along with a trusted antivirus, can help your cyber-security.
But let us not forget: nothing is 100% safe. The above measures try to make things more difficult for attackers, who may decide to move on to easier targets. A persistent hacker with the necessary knowledge and skills is dangerous even if you have followed all of the above to the letter.