Kaspersky Lab's latest technology helps businesses tackle stealth remote control
In the last 12 months, enterprise businesses paid up to 1.2 million dollars for recovery from targeted attacks. But to fight off one of these attacks, a business needs multiple methods of defence. These include experienced security teams, global security intelligence and immense cybersecurity tools. An innovation from Kaspersky Lab is set to help businesses cope with this challenge — as part of its mission to arm businesses with the cutting-edge cybersecurity solutions they need, the leading cybersecurity company, has patented new technology that automates the detection of one of the most effective weapons in a cybercriminal’s arsenal – remote control tools.
Cybercriminals take remote control of victims’ computers in order to conduct malicious activities unnoticed, often reaching out to Command- and- Control servers through encrypted communication channels. Once installed on a user's computer, remote control tools gain administrator access, giving cybercriminals the capacity to obtain confidential information about the user, and allowing them to perform any action on that user's computer, including transmitting information about the results of their operations to computer network attackers. This is especially dangerous in corporate networks, where intellectual property can be unearthed and unlimited damage caused if remote control goes undetected.
To efficiently detect remote control programs, anti-malware solutions need to leverage complex behavioural protection systems. With its latest patent, Kaspersky Lab has expanded its abilities in this area, with a new technology capable of detecting remote control applications, even if they run on an encrypted channel.
The new technology works by analysing application activity and searching for anomalous behaviour across a user’s computer. It picks up on any dependencies between activities occurring on the computer, and their causes. By comparing these dependencies with defined patterns of behaviour, the technology can then make a decision about the registration of the remote attacker's computer. It can then identify the remote control being used via unknown or even compromised safe applications or their components.
“The detection of remote control attacks in encrypted channels is crucial for targeted attacks protection as this is the early stages of the kill chain. Remote control tools distributed within the network and during the search for, and theft of, valuable data. That’s why it is important to be able to detect such behaviour in a very beginning. This technology will allow security officers to prevent incidents where previous layers of protection have failed to work,” Artem Serebrov, Head of Research & Development of Anti Targeted Attack Platform at Kaspersky Lab, commented.