Ken Westin, senior security analyst with Tripwire, commented on research from Cybereason that has uncovered a new attack targeting Microsoft Outlook Web Application (OWA).
Ken Westin, Security Analyst for Tripwire:
“This attack shows the importance of being hyper-vigilant when it comes to monitoring critical assets within an organization's environment. Organizations need to pay special attention to what is happening on these critical endpoints, as they can easily lead to an entire network being compromised. Mail servers, Active Directory servers, databases and other critical systems need to be monitored for any and all system configuration changes, as well as new binaries added to these systems. IT and security teams should be alerted to these changes immediately and have a workflow established for quickly verifying if these changes are authorized and verified as part of a scheduled patch, or if it is a potential malicious piece of malware.
When dealing with a sophisticated adversary, the malware they use to target infrastructure will use customized code that will not have signatures, or they may simply use tools available on the systems themselves to harvest data. Although threat intelligence can help tell organizations if a particular threat or indicator has been seen by others, they still need strong security intelligence within their own network to identify anomalies and potential threats that may not have been seen before.”