The fact that the entire attack went unnoticed by the victims makes this even more serious. Advanced Persistent Threats, coordinated long-term attack campaigns aimed at specific enterprises, are not uncommon in today's IT environment.
Proof that such attacks are already targeting the enterprise has been seen. We recently decrypted the configuration of an attack on the popular Citrix Access Gateway in which Zeus was instructed to take a screenshot every time the mouse was left-clicked while the URL included the string "/citrix/". This defeats Citrix's virtual keyboard, which was designed to beat keyloggers by replacing keystrokes with mouse clicks: a screenshot of the area around the cursor at each click captures the chosen key just as well as a keystroke log would. It shows that criminals, such as those behind Zeus, are specifically targeting remote access connections into secure networks and going after intellectual property and other sensitive data held in company IT networks and applications.
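To make the configuration-level picture concrete, here is an added example (not code from the original article, and not Zeus's own code) that scans a Zeus-style WebFilters block for rules that would trigger screenshots on an enterprise's own URLs. The config text is constructed for this example. It assumes the layout of the leaked ZeuS 2.x dynamic config, where a leading `!` on a URL mask means "do not log this traffic" and a leading `@` means "take a screenshot of the area around the cursor on every left click while the URL matches"; the mask wildcards (`*` for any run of characters, `#` for a single character) and the enterprise URLs are likewise assumptions made here, not facts from the page.

```python
"""Scan a ZeuS-style WebFilters block for screenshot-on-click rules that
match an enterprise's own URLs (added example, constructed input)."""
import re

# Constructed sample in the layout of leaked ZeuS 2.x dynamic configs.
# Assumed flag semantics (not from the article): '!' = do not log traffic
# for this mask, '@' = screenshot around the cursor on every left click.
SAMPLE_CONFIG = """
entry "WebFilters"
  "!*.microsoft.com/*"
  "!http://*myspace.com*"
  "@*/citrix/*"
  "https://*.example-bank.test/*"
end
"""

# Assumed enterprise URLs to check the config against.
ENTERPRISE_URLS = [
    "https://gateway.example.test/citrix/XenApp/auth/login.aspx",
    "https://mail.example.test/owa/",
]


def parse_webfilters(config_text):
    """Return (flag, mask) tuples from the WebFilters entry, in file order."""
    block = re.search(r'entry "WebFilters"\s*(.*?)\bend\b', config_text, re.S)
    if not block:
        return []
    rules = []
    for line in block.group(1).splitlines():
        line = line.strip()
        if not (line.startswith('"') and line.endswith('"')):
            continue  # comments, blank lines, anything not a quoted mask
        mask = line[1:-1]
        flag = ""
        if mask and mask[0] in "!@":
            flag, mask = mask[0], mask[1:]
        rules.append((flag, mask))
    return rules


def mask_matches(mask, url):
    """Match a ZeuS mask against a URL: '*' = any run, '#' = one char (assumed)."""
    pattern = "".join(
        ".*" if c == "*" else "." if c == "#" else re.escape(c) for c in mask
    )
    return re.fullmatch(pattern, url, re.IGNORECASE) is not None


def screenshot_rules_hitting(config_text, urls):
    """Map each URL to the '@' masks that would trigger screenshots on it."""
    hits = {}
    for flag, mask in parse_webfilters(config_text):
        if flag != "@":
            continue
        for url in urls:
            if mask_matches(mask, url):
                hits.setdefault(url, []).append(mask)
    return hits


if __name__ == "__main__":
    for url, masks in screenshot_rules_hitting(SAMPLE_CONFIG, ENTERPRISE_URLS).items():
        print(f"{url} <- screenshot rule(s): {masks}")
```

Run against a real decrypted config, the same check tells you at a glance whether your remote access gateway is on a campaign's target list, and whether the rule is a keylogging one or a screenshot one that sidesteps click-based virtual keyboards.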
With modern malware written efficiently by professionals and designed to be robust, organizations need to think outside the box if they are to stand a chance of shielding their assets.
Don’t trust the device, trust the session
Enterprises need to acknowledge and counteract the point of attack, the browser, if they are to protect confidential enterprise data. What is needed is a solution that can secure access to enterprise networks from potentially insecure endpoint devices.
Such a solution would comprise technology that creates a virtual firewall of sorts inside the user's computer. Activated automatically when the user connects to enterprise networks and applications, it would separate enterprise-related sessions from any others taking place on the machine.
Malware and exploitable vulnerabilities would be prevented from bypassing this virtual firewall and tampering with protected web sessions with the enterprise. When a malware-infected machine tries to communicate with the enterprise, the infection should be identified and the malware removed automatically before the device is authenticated to the enterprise systems.
Such technology should include keystroke encryption to defeat keyloggers, communication protection to guard against unauthorized modification of traffic, browser process and add-on protection, and API blocking to prevent unauthorized access.
The enterprise is increasingly becoming the target of sophisticated, stealthy new malware that turns the enterprise's own employees, partners and contractors into weapons. With an estimated five percent of endpoint devices infected by botnets and other sophisticated malware, can you afford to leave the door to the enterprise unguarded? The man-in-the-browser is out there, waiting to be invited in, so make sure you slam the door in his face.