KSA and UAE see most attacks in the region; Kaspersky Lab
Kaspersky Lab launches its Kaspersky Anti Targeted Attack platform which detects sophisticated threats
Kaspersky Lab has revealed that organisations in the Kingdom of Saudi Arabia and the UAE are facing numerous targeted cyber-attacks.
According to Kaspersky Lab's "IT Security Risks Survey 2015", 9% of organisations globally and 8% in KSA have experienced a targeted attack in the last year, which include Turla, Epic Turla, Shamoon, Adwind, Wild Neutron, Poseidon and Desert Falcons.
The security firm has released its Kaspersky Anti Targeted Attack platform which aims to detect and analyse sophisticated threats, plus highlight unusual actions that constitute strong evidence of malicious intent.
Ovanes Mikhaylov, managing director in the Middle East, Kaspersky Lab said: "Nowadays businesses need to overcome many cyber-threats, including some of the most advanced ones, for which they need knowledge of possible attack vectors, indicators of compromise, and the ability to distinguish normal operations from malicious activity.
"This requires strong security expertise combined with technology that is capable of spotting a criminal act in the avalanche of daily activity in a large corporation. This challenge is being addressed with the Kaspersky Anti Targeted Attack Platform, together with the security services aimed at sharing security intelligence with our customers faster than ever before."
Conventional protection technologies are very good at preventing generic threats and attacks from breaching the corporate perimeter. Although the number of such threats is still growing, businesses are becoming more concerned about targeted attacks and advanced cyber-weapons used for the purposes of cyber-espionage or the disruption of business activity.
While these threats represent a tiny fraction, which is less than 1% of the entire landscape, they present the highest risk to companies worldwide. What's even more important is that the number of such attacks is growing steadily and the price-per-attack is diminishing.
Solving the "1%" problem requires advanced technology and proper security intelligence that has either been accumulated within the company or requested from a security vendor.
The platform analyses data collected from different points of the corporate IT infrastructure. The solution's sensors are responsible for data acquisition over network traffic, web and e-mail as well as endpoints. This allows the solution to detect complex attacks at any stage, even when no malicious activity is taking place, like data exfiltration. Suspicious events are then processed via different engines, including an Advanced Sandbox and a Targeted Attack Analyser for a final verdict.
The Advanced Sandbox provides a safe, isolated and virtualised environment for analysing suspicious objects and detecting their intent. The Targeted Attack Analyser utilises data processing and machine learning technologies to assess and combine verdicts from different analysis engines. This is where the final decision to alert the staff is made.