http://www.theregister.co.uk/2015/09/08/dell_secureworks_malwareless/
By Darren Pauli
The Register
8 Sep 2015
Half of all breaches Dell's SecureWorks outfit has responded to over the
last year have been a result of attackers using legitimate admin tools and
stolen credentials.
Dell's threat research unit says the "living off the land" hack tactic
makes security controls that seek malware and hacking infrastructure
redundant, especially when command and control infrastructure is not used
or runs only briefly.
Researchers cited three recent investigations where companies had been
popped using administrator credentials.
In one case, attackers stole the network credentials of a manufacturing
company staffer, which were then used to log into the corporate Citrix
platform and tap internal corporate resources.
Those crims also used the unnamed client's Altiris software distribution
platform to pivot laterally through the company’s network and yank
intellectual property.
[...]