Cyber threat hunting after the holidays
By Niranjan Jayanand, WatchTower Threat Hunting Manager APAC
Tuesday, 17 January, 2023
With the holidays behind us, employees are returning to work after some well-deserved time off with their family and friends. In cybersecurity departments, this is a time of extreme caution. After nearly a month of skeleton crews and shorter hours, now is the time to look for any malicious code that may have slipped beyond the security perimeter and into the company’s network.
Infiltrations over the holiday season can easily go unnoticed, and the malicious code sitting within the company system may not be exploited for several months. By the time the threat actor is ready to launch their attack, they have everything they need in place to steal data, transfer money to their own accounts or wreak havoc.
Post-holiday threat-hunting activities can help Australian businesses find these pieces of malware and safely remove them from the network. Threat-hunting activities were recently legislated in Singapore, and we believe it is advisable for all Australian businesses to conduct them.
What is threat hunting?
Threat hunting is a proactive effort to search for signs of malicious activities that have evaded security defences within an organisation. Threat hunters are able to uncover hidden threats that may be waiting to execute an attack or find events that have already compromised the environment.
Effective threat hunting helps uncover hidden advanced persistent threats (APTs), cybercrime, policy misuse, insider threats, poor security practices and environmental vulnerabilities. The activity aims to identify attacks that slipped past your defensive shield.
Conducting a threat hunt
Threat hunting begins by reviewing and correlating logs from different areas of the network. These include firewall logs, DNS logs, web proxy logs and network intrusion detection/prevention system (NIDS/NIPS) logs, as well as endpoint data that covers all network connections, file events and registry events.
Threat hunters compare and contrast the data within the logs as they search for unexpected access and anomalous activity. Together these logs create a rich hunting ground for proactively identifying hidden threats, risks and vulnerabilities, and they empower your team to mitigate the risks that degrade your security posture before an attacker acts on them.
These activities can be conducted manually. However, using automated tools and AI reduces the time required to review the logs and helps ensure that nothing is overlooked.
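As an added illustration of the correlation step described above (this is example code, not part of the original article or any vendor tool), the following script joins DNS resolver records with endpoint connection events and flags destinations that were first seen during an assumed holiday window and are still being contacted on a regular cadence after staff return. The log format, hostnames, domains and process paths are all constructed for the example.

```python
"""Post-holiday hunt: correlate DNS and endpoint logs to surface destinations that
first appeared while crews were thin and are still contacted on a fixed interval."""
from collections import defaultdict
from datetime import datetime

# Assumed skeleton-crew window; adjust to the organisation's own calendar.
HOLIDAY = (datetime(2022, 12, 23), datetime(2023, 1, 9))

# Constructed sample logs (not real data). DNS: "timestamp host domain".
DNS_LINES = """
2022-12-01T09:00:00 ws-01 updates.vendor.example
2022-12-28T03:10:00 ws-07 cdn-sync.example
2022-12-28T04:10:00 ws-07 cdn-sync.example
2023-01-10T03:10:00 ws-07 cdn-sync.example
2023-01-10T04:10:00 ws-07 cdn-sync.example
2023-01-10T05:10:00 ws-07 cdn-sync.example
2023-01-10T09:00:00 ws-01 updates.vendor.example
""".strip().splitlines()
# Endpoint network events: "timestamp host domain process" (process may contain spaces).
ENDPOINT_LINES = """
2022-12-28T03:10:02 ws-07 cdn-sync.example C:\\Users\\Public\\svc.exe
2023-01-10T03:10:02 ws-07 cdn-sync.example C:\\Users\\Public\\svc.exe
2023-01-10T09:00:01 ws-01 updates.vendor.example C:\\Program Files\\Vendor\\update.exe
""".strip().splitlines()

def parse_dns(lines):
    return [(datetime.fromisoformat(ts), host, dom) for ts, host, dom in (l.split() for l in lines)]

def parse_endpoint(lines):
    rows = []
    for line in lines:
        ts, host, dom, proc = line.split(" ", 3)  # keep spaces inside the process path
        rows.append((datetime.fromisoformat(ts), host, dom, proc))
    return rows

def hunt(dns, endpoint, window=HOLIDAY, min_repeats=3):
    """Return (host, domain) pairs whose domain was first seen inside the window and
    is still queried at least `min_repeats` times afterwards; note whether the
    post-holiday queries are evenly spaced, a sign of automated check-ins."""
    first_seen, per_pair = {}, defaultdict(list)
    for ts, host, dom in sorted(dns):
        first_seen.setdefault(dom, ts)           # earliest query across all hosts
        per_pair[(host, dom)].append(ts)
    findings = []
    for (host, dom), times in per_pair.items():
        if not (window[0] <= first_seen[dom] <= window[1]):
            continue                              # known before the holidays: baseline
        after = [t for t in times if t > window[1]]
        if len(after) < min_repeats:
            continue                              # not persisting after return to work
        gaps = {round((b - a).total_seconds()) for a, b in zip(after, after[1:])}
        procs = sorted({p for _, h, d, p in endpoint if h == host and d == dom})
        findings.append({"host": host, "domain": dom, "first_seen": first_seen[dom],
                         "regular_interval": len(gaps) == 1, "processes": procs})
    return findings

if __name__ == "__main__":
    for f in hunt(parse_dns(DNS_LINES), parse_endpoint(ENDPOINT_LINES)):
        print(f)
```

Every finding still needs an analyst to confirm it: a new, regularly contacted domain might be a legitimate service rolled out over the break, so the process path and first-seen date are there to guide that triage rather than to declare a compromise.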
Benefits of threat hunting
Threat hunting allows security teams to proactively get ahead of the latest threats by hunting for malicious activity. It helps to improve a company’s true risk posture and prevent any number of cyber incidents from progressing into full-blown attacks. When threat-hunting activities are complete, they provide confidence and peace of mind to security teams who no longer need to worry about latent threats hiding within the network.