Carmine Clementelli of PFU, a Fujitsu company, commented this afternoon on a new report from Trend Micro that North American healthcare organizations appear to be getting hit the hardest by the Stegoloader Trojan. PFU’s flagship product is the iNetSec Smart Finder network security appliance, which is deployed by a large number of healthcare organizations.
Carmine Clementelli, Network Security Expert with PFU, a Fujitsu company (www.inetsec.com):
“This is a great example of an Advanced Persistent Threat, or APT. Today’s attacks are performed using unknown Remote Access Trojan (RAT) malware or new variations of previously used malware in order to evade and bypass signature based security detection engines. There are millions of variations of the most well-known RATs. Techniques such as sandboxing are failing to detect this type of infection because the malware are built with anti-virtual machine capability. This type of malware is becoming so sophisticated with anti-emulation capabilities to thwart analysis, that even technologies designed for traffic anomaly detection have hard time to identify the attack.
The key is to start looking at the internal network traffic and all the lateral movements that these attacks are typically conducting in order to explore the network, gaining more administrative rights and spread East-West before the final exfiltration of data. Fortunately today we have new security techniques that are fully behavioral-based that analyze all these lateral malicious movements and are able to correlate them to the inbound and the outbound suspicious communications in order to detect such advanced attacks. As the attackers are getting smarter and smarter, organizations need to invest in newer internal security measures based on behavioral analysis and able to immediately isolate and block all the infected and the targeted network devices before the data breach happens.”
[su_box title=”Carmine Clementelli, Network Security Expert with PFU” style=”noise” box_color=”#336588″]
Carmine Clementelli is a security expert and manager with PFU, a Fujitsu Company. Clementelli and his team help healthcare, pharmaceutical, banking and finance, educational and other institutions and corporations throughout North America secure their networks, data and critical information assets. Fujitsu is a global security leader.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.