Posted by Yuval Malachi, Chief Technology Officer
This week was a big week in cyber security. Kaspersky Lab revealed the anatomy of the attack on its own network by the malware it named Duqu 2.0. Quite a sophisticated attack.
I noted that on page 4 of their report (https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf) they described the initial attack, via email (it could just as easily have been a mobile device). But what you find after that is very interesting: lateral movement. “In general, once attackers gain access into a network, two phases follow: reconnaissance and identification of network topology and lateral movement.”
This is exactly what we see every day in a variety of industries around the world. Attackers, regardless of their sophistication, must do reconnaissance and identify the resources they want to acquire. That reconnaissance and lateral movement puts them within reach of deception technology: decoy hosts and services that no legitimate user or process has any reason to contact. When an attacker reaches out to touch one of the malware traps, we have them.
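As an added illustration of the point above (this is example code written for this post, not code from the original article, from Kaspersky Lab, or from any product), the script below does two things: it scans a constructed flow log for any connection to a hypothetical decoy inventory, alerting on every touch, and it runs a minimal single-shot decoy TCP listener that records the address of whoever knocks. The decoy IPs, ports, service labels and the flow-log line format are all assumptions made up for the example.

```python
"""Decoy-touch detection: any contact with a decoy is an alert.

Added example for this post; the decoy inventory, flow-log format and
sample traffic below are constructed, not taken from any real network.
"""
import socket
import threading
from dataclasses import dataclass

# Hypothetical decoy inventory. These hosts exist only to be touched, so
# a connection to them is a high-fidelity signal, not a statistical anomaly.
DECOYS = {
    "10.0.5.50": {445: "fake-fileserver SMB", 3389: "fake-fileserver RDP"},
    "10.0.5.51": {22: "fake-jumphost SSH"},
}


@dataclass(frozen=True)
class Alert:
    timestamp: str
    source: str
    decoy: str
    port: int
    service: str


def parse_flow(line):
    """Parse a constructed flow-log line: '<ts> <src_ip> -> <dst_ip>:<port> <proto>'."""
    ts, src, _arrow, dst, proto = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return ts, src, dst_ip, int(dst_port), proto


def check_flow(line):
    """Return an Alert if the flow touches a decoy host, otherwise None."""
    ts, src, dst_ip, dst_port, _proto = parse_flow(line)
    services = DECOYS.get(dst_ip)
    if services is None:
        return None
    # A port the decoy does not advertise is still a touch: a sweep of the
    # decoy host is exactly the reconnaissance phase we want to catch.
    service = services.get(dst_port, "port probe")
    return Alert(ts, src, dst_ip, dst_port, service)


def scan_flows(lines):
    """Run check_flow over every line and keep only the decoy touches."""
    return [alert for alert in map(check_flow, lines) if alert is not None]


def run_decoy_listener(host="127.0.0.1", port=0, timeout=5.0):
    """Start a single-shot decoy TCP listener in a background thread.

    Returns (bound_port, wait_fn). wait_fn() blocks until one client
    connects (or the timeout expires) and returns the peer as 'ip:port',
    or None if nobody connected. The listener sends nothing: a decoy needs
    no real service behind it, only a place for an intruder to knock.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    srv.settimeout(timeout)
    result = {}

    def worker():
        try:
            conn, peer = srv.accept()
            result["peer"] = f"{peer[0]}:{peer[1]}"
            conn.close()
        except socket.timeout:
            result["peer"] = None
        finally:
            srv.close()

    thread = threading.Thread(target=worker, daemon=True)
    thread.start()

    def wait():
        thread.join()
        return result.get("peer")

    return srv.getsockname()[1], wait


# Constructed sample: ordinary traffic plus one workstation (10.0.1.20)
# sweeping the decoy subnet the way a reconnaissance phase would.
SAMPLE_FLOWS = [
    "2015-06-10T09:00:01 10.0.1.20 -> 10.0.2.10:443 tcp",
    "2015-06-10T09:00:02 10.0.1.20 -> 10.0.5.50:445 tcp",
    "2015-06-10T09:00:02 10.0.1.20 -> 10.0.5.50:3389 tcp",
    "2015-06-10T09:00:03 10.0.1.20 -> 10.0.5.51:22 tcp",
    "2015-06-10T09:00:03 10.0.1.20 -> 10.0.5.51:80 tcp",
    "2015-06-10T09:00:05 10.0.1.31 -> 10.0.2.11:25 tcp",
]

if __name__ == "__main__":
    for alert in scan_flows(SAMPLE_FLOWS):
        print(alert)
    decoy_port, wait_for_touch = run_decoy_listener()
    with socket.create_connection(("127.0.0.1", decoy_port)):
        pass  # play the role of the intruder knocking on the decoy
    print("decoy touched by", wait_for_touch())
```

The flow scan raises four alerts, all from 10.0.1.20, and the fourth is a "port probe" on a port the decoy never advertised; the normal flows produce nothing. That is the property that makes decoys useful for early detection: there is no baseline to learn and no threshold to tune, because the expected rate of legitimate contact with a decoy is zero.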
I believe, given this pattern in the attack, that if Kaspersky Lab had had deception technology installed, they could have reduced the time to breach detection for Duqu 2.0.