Malicious actors then use social engineering tactics in a campaign sent to end users who often unknowingly click on a fraudulent link. “Security awareness training is a critical part of security. Criminals can easily identify staff and employees and know who is working where. They have a very specific and very effective campaign targeting people,” Devireddy said.
Other updated detection methods include testing sites from a client perspective, said Feinman. “If you examine from the client side, you are testing from the outside in. You would see some of this activity, some indicators of compromise.”
There are sandboxing techniques and solutions that would allow you to do the tests in real time, said Feinman. “Once you have a known identifier, those systems can be configured and quarantined. The tests can run in a live environment, but not one that can get out and infect other systems.”
Unfortunately for security practitioners, some exploit kits check whether they are running in a virtual environment. “Exploit kits don’t spread and pray,” said Peloquin.
“When a contact is made, that user is dropped off at a gate, and there is security profiling happening at that gate. If it detects a sandbox, it won’t execute a payload, so it can turn into a game of whack-a-mole,” Peloquin said.
Enterprises can benefit from threat intelligence, though. “If we have partners sharing threat intelligence, we can get ahead of the threat and block and manage,” said Peloquin.