To avoid detection, some hackers are ditching malware and living “off the land” — using whatever tools are already available in the compromised systems, according to a new report from Dell SecureWorks.
In fact, this has been the case for nearly all the intrusions analyzed by the Dell SecureWorks Incident Response Team last year.
The cyber criminals typically start out with compromised credentials, said Phil Burdette, senior security researcher at Atlanta-based Dell SecureWorks, Inc.
“For example, they might use phishing attacks,” he said. “They’ll send an email purporting to be from the IT staff, asking users to log in and test their credentials because the IT staff has just created a new email server. Once a user logs in, those same credentials would then be used to access the company’s virtual private network solutions.”