IT services in Santa Clara must deal with multiple kinds of security in order to present clients with the most effective, reliable, and trustworthy IT. There must be physical security in the form of passwords and password protections. Additionally, there must be digital security in the form of anti-viral and anti-malware programming. From there, you’ve got to have proactive monitoring, which keeps an eye on software usage over a network and can help determine that which is malicious and that which is normal.
Anything beyond the normal is flagged, and from there security protocols are invoked. A final category that MSPs must watch for is the non-malware attack, which can hide inside operations that look otherwise normal. Your business must understand what non-malware attacks look like and how to offset them.
An Example of Non-Malware Hacking
In a nutshell, a non-malware attack is a hacker using tools to cleverly manipulate a system’s built-in hardware protocols for the means of cybercrime. It often looks something like this:
An employee sees a message that prompts them to go to a certain website on a third-party browser like Firefox. Usually, this is spam that has been disguised.
Once on the cyber criminal’s page, Flash loads – a program with near-endless vulnerabilities.
Through Flash, cyber criminals contact an OS tool programmed into all Windows devices called PowerShell, then feeds instructions to that tool.
PowerShell connects to a server of the ‘command-and-control’ variety, and then a script that is designed to steal information is downloaded and the information is sent to the cybercriminal.
This is only one example. As it turns out, there are many other non-malware attack strategies, and they are on the rise. IT services in Santa Clara cannot afford to ignore non-malware attacks for this reason, so they are more likely to be up-to-date on the kinds of attacks that are developing.
The Social Engineering Approach
For example, one sneaky way non-malware attacks are conducted is through simple personable interactions over the phone. Check out this video. In it, a woman at Def Con, an annual convention of hackers in Las Vegas, uses simple social engineering techniques to hack into a man’s cellphone account. She acts like a mother with kids who just “can’t remember” her information. She puts the sound of a baby in the background, and through personable conversation manages to acquire intimate account details.
This is technically a hacking attack without malware— or a non-malware attack. The truth is there are a thousand different ways to hack a business without even using a line of malicious code. In order to overcome that kind of thing, you need the assistance of an MSP who understands what’s going on, what to look for, and how to protect against it. For example, you could use multi-phase security, wherein a password must be sent to a cellphone in order to access an account. You’ve got to think ahead of the hackers, and MSPs can help you do that.