Ray Kafity, VP at Attivo Networks META region, said it is generally understood that prevention alone is not enough, and attackers now have the ability to ‘roam’ or sit inside a network for extended periods of time before proceeding with an attack/data breach. There is a need to have a tool to control the network once it is compromised. Businesses are now looking to deploy so-called ‘honey pots’ inside the network to trap the attacker by creating a fake environment based on a deception solution. However, this solution must be based on authentic operating systems and must reflect a similar DNA to the true network.
Deception technology turns the tables on cyberattackers with early and accurate detection and accelerated incident response.

Dubai, United Arab Emirates, 14 October 2018: Attivo Networks®, the award-winning leader in deception for cybersecurity threat detection, will join Crestan International, a leading value added distributor, at GITEX Technology Week 2018 to highlight the critical role deception technology plays in an active defence strategy.
By: Ray Kafity

Things are heating up in the Middle East when it comes to cyberattacks, with entire industries, including regional governments, feeling the brunt. So much so, that mainstay industries like Banking & Finance, Oil & Gas, and Retail are increasingly finding themselves in the crosshairs of cybercrime, making them the most heavily targeted sectors in the region. It has become evident that no organization, regardless of size, is off-limits. Organizations must assume they are a target – or will become one eventually. Therefore, adopting advanced tactics of defense and keeping up-to-date with technological advancements in the field is a necessity.
The end of 2016 saw the return of a familiar attack campaign that wipes the disk of any infected computer. Dubbed Shamoon 2, it appears to be related to the 2012 Shamoon campaign that targeted an organization in Saudi Arabia and made use of a disk wiper called Disttrack. Disttrack is a multipurpose tool that exhibits worm-like behavior by attempting to spread to other systems on a local network using stolen administrator credentials. More importantly, its claim to fame is the ability to destroy data and to render infected systems unusable. The attack four years ago resulted in damage to 30,000 or more systems at oil company Saudi Aramco. Shamoon 2 was scheduled to execute its wiping activities on November 17, 2016. No one has identified the threat actors behind either the original attack campaign or this new one, but they appear to have targeted a second Saudi Arabian organization, with the payload set to execute on November 29, 2016. This new campaign targeted the labor ministry and a chemicals firm. Luckily for the organizations, the malware was discovered and defused before the scheduled execution dates. There is no information as to how the malware was delivered to the targeted organizations, but it is likely that the threat actors performed reconnaissance on the target networks during a previous intrusion to map the networks and identify systems to deliver the malicious payload to.
Attivo Networks recently opened a Middle East office in Dubai led by three security industry veterans and signed a partnership agreement with Starlink.
The company’s actions are an effort to expand access to its deception technology that detects cybersecurity threats in real-time before a data breach occurs. Attivo’s solutions can fight cyberattacks without having to depend on signature patterns, database lookup or heavy computation.