Information Security News mailing list archives

3l33t haxxors don't need no botnet, they just pinch passwords


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 11 Sep 2015 07:58:40 +0000 (UTC)

http://www.theregister.co.uk/2015/09/08/dell_secureworks_malwareless/

By Darren Pauli
The Register
8 Sep 2015

Half of all breaches Dell's SecureWorks outfit has responded to over the last year have been a result of attackers using legitimate admin tools and stolen credentials.

Dell's threat research unit says the "living off the land" hack tactic makes security controls that seek malware and hacking infrastructure redundant, especially when command and control infrastructure is not used or is run only briefly.

Researchers cited three recent investigations where companies had been popped using administrator credentials.

In one case, attackers stole the network credentials of a manufacturing company staffer, which were then used to log into the corporate Citrix platform and tap internal corporate resources.

Those crims also used the unnamed client's Altiris software distribution platform to pivot laterally through the company’s network and yank intellectual property.

[...]
