Signatureless attacks are here to stay

Posted: November 11, 2015

We’re seeing a rise in signature-less attacks.

“What’s a signature-less attack?” you say. It’s where malware that is designed to sit on your system, actively breaching your data security, is unable to be detected because the “signature” that the code produces has not been seen by anti-virus software teams with enough frequency to be captured into anti-virus comparison databases. And we’re seeing more of them.

In fact, we’re seeing attacks that have been customised exclusively for the companies that have been affected. That’s a paradigm shift from the global, automated hacking of the past. Those hacks, while impactful on a global scale, were able to be effectively combated over time because the infection signature was able to be detected.

Often, a signature-less attack replaces key lines of code in previously trusted software in order to co-opt it to copy and send data, encrypt it or delete it. And there hasn’t been a way to see that your software has been compromised like that.

Until now…

RSA has developed ECAT (the Enterprise Compromise Assessment Tool). It’s a software package that operates in stealth mode most of the time, silently monitoring resource usage.

When it sees an application accessing resources that it hasn’t previously touched or consuming more resources than it has in the past, it begins compiling a case for action. If the level of suspicion rises above a threshold that you set, ECAT pounces!

It can suspend the activity of the file in question and allow you to run a full audit trail on what’s happening to your data. An easy-to-use interface means that you can inspect software quickly to track a hack or get back to normal operations.

In the battle to combat today’s most sophisticated threats, ECAT is the next line of defence.