Spy vs Spy – Cat and Mouse – Blue & Red Team – i.e. Defense is Screwed

We have many adversarial relationships

Spy vs Spy, cat and mouse, blue team vs red team, hackers vs IT teams.


What made me think of this?

What made me think of this was a post¹ on Reddit's /r/netsec (from attactics.org) showing that about ten lines of code are enough to get past antivirus. In case you don't know, VirusTotal.com lets both attackers and defenders upload a file and see which antivirus engines flag it and which let it pass. Keep in mind that anything uploaded to VirusTotal is shared with the AV vendors, so an attacker who cares about staying unnoticed will test against a private scanner or only look up hashes instead of uploading the sample.

VirusTotal is not definitive, but a sample that most engines miss there will usually slip past the product on your desktop too. The attactics.org post put together about ten lines of C++ that get past the VirusTotal engines.

And this is why some say² (citing pcmag.com) that antivirus software keeps you safe from only 45% of all threats.

"So what," you say, "we already know antivirus is not as good as it used to be." True, but we still need it to catch the recycled malware coming into our environments.


Ok, let's assume antivirus (AV) catches 45% of all malware.

That means the other 55% reaches the desktop if AV is all you have.

This is why we have said before that you need more than AV.

An advanced firewall³ (or Intrusion Prevention System) can be added in front of the desktop; it inspects network traffic the AV never sees and stops some of the malware coming into your environment.


Set up correctly and monitored by your IT team without fail, it should catch at least another 45% of all malware, which would put you at 90% overall and a much better environment. Be clear about what that second 45% means, though: AV already stopped 45 of every 100 samples, so the firewall/IPS has to stop 45 of the 55 that slipped past it, roughly 82% of what it actually sees. Two controls that each stop 45% of what reaches them only get you to about 70% combined; the percentages do not simply add unless the second layer covers a different slice of the threats.
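The layered-coverage arithmetic above, worked through as an added example (this is not code from the original post). It uses the post's own figures (45% for AV, 45% for the IPS, a 90% target) and assumes each layer stops a fixed fraction of whatever reaches it, independently of what the earlier layers missed; that independence assumption is mine.

```python
"""Combined catch rate of stacked, independent detection layers.

Added worked example, not from the original post. The numbers (45% for AV,
45% for the IPS, a 90% target) are the post's own; the independence
assumption (each layer stops a fixed share of what reaches it) is mine.
"""
from math import prod


def combined_catch_rate(layer_rates):
    """Fraction of malware stopped by at least one layer.

    Each rate is the fraction of samples *reaching that layer* that it stops.
    What gets through is the product of the misses, so the combined catch
    rate is 1 minus that product, not the sum of the rates.
    """
    for r in layer_rates:
        if not 0.0 <= r <= 1.0:
            raise ValueError(f"catch rate out of range: {r}")
    return 1.0 - prod(1.0 - r for r in layer_rates)


def required_next_layer_rate(current_rates, target):
    """Catch rate the next layer needs so the whole stack reaches `target`.

    Returns a value above 1.0 (i.e. impossible) if the target cannot be
    reached, so the caller sees the gap instead of a silently clamped value.
    """
    miss_so_far = prod(1.0 - r for r in current_rates)  # share reaching the next layer
    if miss_so_far == 0.0:
        return 0.0  # earlier layers already stop everything
    return 1.0 - (1.0 - target) / miss_so_far


def survivors_per(n_samples, layer_rates):
    """Expected number of `n_samples` malware pieces that reach the desktop."""
    return n_samples * (1.0 - combined_catch_rate(layer_rates))


if __name__ == "__main__":
    av, ips = 0.45, 0.45
    print(f"AV alone: {combined_catch_rate([av]):.0%}")
    print(f"AV + IPS, each stopping 45% of what it sees: "
          f"{combined_catch_rate([av, ips]):.2%}")
    print(f"IPS rate needed after AV to reach 90% overall: "
          f"{required_next_layer_rate([av], 0.90):.1%}")
    print(f"Survivors out of 100 with AV + IPS at 45% each: "
          f"{survivors_per(100, [av, ips]):.2f}")
```

Running it shows the gap the post glosses over: two layers at 45% each land at 69.75%, not 90%, and the IPS has to stop about 81.8% of the traffic that gets past AV for the 90% figure to hold.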


So that's it? Cat and mouse, attacker vs. defender? If 100 pieces of malware try to make it onto your systems, 10 still get in?

How good are your IT people really? The additional safeguard is testing the environment with pentesters, a "good" red team playing against your blue team. Pentesters are supposed to find the few problems remaining so those can be plugged as well.

We are taught to focus on penetrations and on exfiltration of our data; that way we know when and where the attacks succeed.


We build our environments and test them, and we still have problems because humans make mistakes, like plugging in USB flash drives where they should not.


Remember the unexpected: do you know the unknown? At https://fixvirus.com/ we have a page that discusses risks, likelihood and impact. There will always be risks; we are in the business of reducing risk, but don't think you can escape all of it. The layers, in order:

  • Antivirus
  • Advanced firewall / IPS (Intrusion Prevention System)
  • Pentesters testing your environment
  • Logging across the environment and finding the anomalies
  • Threat analysis, and anything else that was potentially missed


The attackers are not standing still; they have a job to do, and it is to penetrate and exploit every day of the week.


Contact Us to review your defense plans


  1. http://www.attactics.org/2016/03/bypassing-antivirus-with-10-lines-of.html
  2. http://oversitesentry.com/is-your-cyber-risk-manageable/
  3. http://oversitesentry.com/what-is-an-advanced-firewall-utm-ngfw/