
Modern Threats Need Modern Solutions: 24/7 Monitoring

I wouldn’t be the first person to ever say that technology is ever evolving. Normally this revolves around how it has helped or changed our lives. AI, self-driving, and cashless checkout are just a few examples of how technology is improving our daily lives. But we don’t often talk about how it has made us less safe.

If you think about all the advantages of technology, they also apply to the people that use technology for nefarious purposes.  Ponzi schemes, Get Rich Quick, and Snake Oil salesman tactics that have existed for centuries have all gone online and can now target you based on your profile and likely susceptibility to these types of tactics.  How many of us have parents or grandparents that have fallen for an online scheme?

When it comes to protecting your business or school from outside threats, this landscape is also evolving at a rapid pace. Breaking in and ransoming your data used to take weeks and months; it can now be done in days, or even hours, using almost fully automated systems. In this blog, I am going to talk about the various ways that attackers are currently breaking into company networks, how these modern threats need modern solutions, and why Managed Detection and Response (MDR), with its 24/7 monitoring, is the best answer.

How Attackers Break Into Networks Today

Ransomware as a Service

In the early days of cyber security, threat actors had to develop or modify existing code, test it, and then rapidly deploy that code before security vendors could develop a countermeasure to block the attack. This was time-consuming and often meant a one-time attack model with long lead times and a low percentage of success, ultimately ending with little or no profit from the venture for a single actor.

Enter cybercrime organizations, and these attacks proliferated; with the invention of ransomware, they started to provide some return on the initial investment. With a team of attackers, they were able to hit more sites in quicker timeframes and actually get a return. Once that started happening, the floodgates were opened and more threat actors joined in.

As with any business model, groups started specializing in the various aspects of cybercrime to the point where today we have ransomware as a service (RaaS).  With RaaS, a threat actor can buy, rent, or even profit share all the various elements needed to commit an effective cybercrime campaign – complete with instructions and tech support.

Managed Detection & Response provides an effective means to have someone monitoring your network and endpoints 24/7 to stop these attacks in their tracks. Without MDR, it can be difficult to detect that these attackers are even in your network, let alone how long they have been there and what they are doing, until it’s too late.

Remote Desktop Protocol Vulnerabilities

According to the Sophos Active Adversary Report for the first half of 2024, Remote Desktop Protocol was the number one way (90%) attackers gained access to networks that Sophos responded to during that period. Although most businesses rely on some form of remote desktop access, this continues to be the easiest and most effective way for threat actors to gain access and then move laterally throughout the network until they compromise the Domain Server and gain full control of the victim’s network.

At Spera Partners, we HIGHLY recommend disabling remote desktop to the outside world without additional layers of protection.  However, in many cases with older systems, this can be difficult.  MDR in conjunction with a firewall can be an effective way to detect and prevent these types of attacks if you need to continue using this remote access method.
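As an added illustration (not code from Spera Partners or Sophos), here is the kind of check a monitoring service runs when RDP has to stay reachable: flag any outside address that racks up repeated failed remote logons in a short window, and note whether a successful logon followed. The event field names, the threshold, the window and the sample events are assumptions constructed for this example; 4625 and 4624 are the Windows Security log IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: RFC 1918 ranges are "inside"; everything else is the outside world.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FAILED, SUCCESS = 4625, 4624   # Windows Security log event IDs
REMOTE_LOGON_TYPES = {3, 10}   # 10 = RemoteInteractive (RDP); 3 = network logon (RDP with NLA)

def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def rdp_alerts(events, threshold=5, window=timedelta(minutes=5)):
    """Alert on external IPs with >= threshold failed logons inside `window`,
    recording the account of the first successful logon that follows."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    alerts = {}                     # src_ip -> alert record
    for ev in sorted(events, key=lambda e: e["time"]):
        ip = ev["src_ip"]
        if ev["logon_type"] not in REMOTE_LOGON_TYPES or not is_external(ip):
            continue
        if ev["event_id"] == FAILED:
            q = failures[ip]
            q.append(ev["time"])
            while ev["time"] - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"src_ip": ip, "first_seen": q[0], "success_after": None}
        elif ev["event_id"] == SUCCESS and ip in alerts:
            if alerts[ip]["success_after"] is None:
                alerts[ip]["success_after"] = ev["user"]
    return list(alerts.values())

def make_event(ts, event_id, ip, user, logon_type=10):
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "src_ip": ip, "user": user, "logon_type": logon_type}

# Constructed sample events (not real log data).
SAMPLE = [make_event(f"2024-06-01T02:00:{s:02d}", FAILED, "203.0.113.7", "administrator")
          for s in range(0, 60, 10)] + [
    make_event("2024-06-01T02:01:30", SUCCESS, "203.0.113.7", "administrator"),
    make_event("2024-06-01T09:00:00", FAILED, "10.0.0.15", "jsmith"),
    make_event("2024-06-01T09:00:20", SUCCESS, "10.0.0.15", "jsmith"),
    make_event("2024-06-01T09:05:00", FAILED, "198.51.100.9", "guest"),
]

if __name__ == "__main__":
    for alert in rdp_alerts(SAMPLE):
        print(alert)
```

An alert whose success_after is set is the one to escalate first: the guessing stopped because it worked.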

Living Off the Land Binaries (LOLBins)

LOLBins, short for Living Off the Land Binaries, are legitimate operating system binaries that cybercriminals exploit to mask their malicious activities. These binaries, inherently harmless, are part of the system’s core functionality but have become tools for nefarious purposes.

Initially, attackers mainly used LOLBins after gaining access to a system, leveraging them for persistence or privilege escalation. Nowadays, these preinstalled tools and system binaries are also used to evade detection and deliver malware. By using LOLBins, attackers achieve their objectives without needing to upload custom code or external files to the computer.

Common LOLBins are often Microsoft-signed binaries, like Certutil or the Windows Management Instrumentation Command-line (WMIC). They can serve various malicious purposes, from executing code and managing files (downloading, uploading, copying, etc.) to stealing credentials.

Once a threat actor is inside the network and they are using these binaries, it can be difficult if not impossible for traditional endpoint security to detect and stop the attacker.  In these cases, MDR is the only method that is effective in detecting and catching these attacks because there are actual humans reviewing suspicious behavior and determining if it is a legitimate threat.
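To make the detection problem concrete, here is an added example (not from Sophos or any MDR product) that screens process-creation events for Certutil and WMIC launched with arguments that are rare in routine administration, and raises the priority when the parent process is unusual. The rule patterns, the parent list, the event fields and the sample events are all assumptions constructed for illustration; the output is a queue for a human analyst, not a verdict.

```python
import re

# Assumed rule set: argument patterns that are uncommon in day-to-day admin work.
RULES = {
    "certutil.exe": [
        (re.compile(r"[-/]urlcache\b", re.I), "certutil fetching a remote file"),
        (re.compile(r"[-/](decode|encode)(hex)?\b", re.I), "certutil encoding/decoding a file"),
    ],
    "wmic.exe": [
        (re.compile(r"\bprocess\s+call\s+create\b", re.I), "wmic spawning a process"),
        (re.compile(r"/node:", re.I), "wmic targeting a remote host"),
    ],
}
# Assumption: these parents rarely have a legitimate reason to launch admin tooling.
ODD_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "w3wp.exe"}

def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return re.split(r"[\\/]", path)[-1].lower()

def triage(events):
    """Return (host, binary, reason, priority) for each event worth a human look."""
    findings = []
    for ev in events:
        image = basename(ev["image"])
        for pattern, reason in RULES.get(image, []):
            if pattern.search(ev["command_line"]):
                odd = basename(ev["parent_image"]) in ODD_PARENTS
                findings.append((ev["host"], image, reason, "high" if odd else "review"))
                break   # one finding per process is enough for the queue
    return findings

SYS32 = "C:\\Windows\\System32\\"
# Constructed sample events (not real telemetry).
SAMPLE = [
    {"host": "WS-014", "image": SYS32 + "certutil.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "certutil.exe -urlcache -f https://example.invalid/a.txt a.txt"},
    {"host": "SRV-02", "image": SYS32 + "certutil.exe", "parent_image": SYS32 + "cmd.exe",
     "command_line": "certutil.exe -verify server.cer"},
    {"host": "WS-022", "image": SYS32 + "wbem\\WMIC.exe", "parent_image": SYS32 + "cmd.exe",
     "command_line": "wmic process call create notepad.exe"},
    {"host": "WS-030", "image": SYS32 + "wbem\\WMIC.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "wmic os get caption"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The two routine commands in the sample pass untouched, which is the point: the binary alone says nothing, and the arguments and parent only narrow down what a person still has to judge.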

Why MDR is the Solution

If after reading all of this, you are wondering ‘how can my organization possibly keep on top of all these threats?’ – you are not alone; it can be a tall task. With Managed Detection & Response, you get a fully managed, 24/7 service delivered by experts who specialize in detecting and responding to cyberattacks that technology solutions like endpoint security cannot prevent. Spera Partners can manage the full spectrum of your organization’s technology, including being the conduit for your MDR services as well. Through our partnership with Sophos, we can help you protect your business or school by finding and stopping cyberthreats – fast. With the benefits of MDR Service, you can:

  • Elevate Your Cyber Defenses – MDR provides tangible returns including significant reduction in time to detect high risk threats that require investigation and in identifying the source of attack.
  • Get 24/7 Peace of Mind – Having a Managed IT Provider like Spera Partners that accepts nothing less than MDR for its clients ensures your peace of mind with reliable and comprehensive cybersecurity.
  • Improve Cybersecurity ROI – With incident response costs starting at $10,000 and upward, MDR can more than pay for itself in one year.

Summary

Modern threats need modern solutions.  The rapidly evolving landscape of cyber threats necessitates a shift from traditional reactive endpoint security measures to proactive solutions like Managed Detection and Response (MDR). As cybercriminals continue to exploit advanced technologies and sophisticated tactics, businesses and schools must adopt comprehensive security strategies that include human oversight and real-time threat monitoring. By incorporating MDR solutions, organizations can better protect their networks, detect and respond to threats more effectively, and ensure the safety and integrity of their digital assets.

Need a technology partner to spearhead your cybersecurity?  Or need a consultation to determine your next steps?  I love talking technology so feel free to book time with me or use one of the links below to submit your request.  Let our managed IT services give you peace of mind.  We keep up with the modern threats so you don’t have to.

Brian Hess
President, Spera Partners

Consultation for Schools: https://sperapartners.com/Complimentary-Consultation/
Consultation for Businesses: https://sperapartners.com/business-solution-complimentary-consultation/
