The attackers discovered by FireEye take advantage of the fact that most people use PCs in administrator mode, which gives full access to the system. After breaking into the system of such a user, the hackers move through the network looking for ways to escalate their privileges and gain access to more data and systems.
As a best practice, companies should provide administrative access only to people who need it to do their job. Others should be cut off from functionality in a PC they don't need.
Some experts recommend segmenting the corporate network to confine people to specific areas, which would also contain the mischief of hackers.
"Any organization that has properly segmented their network will be at low risk to sensitive data being accessed as a result of a breach related to this attack," Brandon Hoffman, vice president of cybersecurity at RedSeal Networks, said in an emailed statement.
However, other experts say employees often find ways around those restrictions, and those workarounds tend to poke holes in defenses that cybercriminals could exploit.
"You're just going to spend so much energy and time to implement that and enforce that and you're not paying attention to things that matter," Barrett said.