Comment by Dr. David Gugelmann, Founder and CEO, Exeon
Zurich, February 15, 2021 - Various media are reporting today on a warning from the cybersecurity company Eset, which reported that the hacker group "Evilnum" has been targeting Swiss fintech companies since December 2020. Using so-called spear phishing emails, i.e. attacks against selected targets in the company, the attackers try to trick recipients into clicking on a link to a ZIP file and extracting it. In addition to an invoice and identification documents, the file also contains a malware program. At first glance, the included documents look trustworthy, Eset writes. With the operation, Evilnum aimed to infiltrate the targeted companies and obtain sensitive information about the financial institutions as well as their customers. In doing so, they exploited know-your-customer procedures common to companies in the financial industry.
Phishing aims to get employees to open an unknown attachment or click on a link to a hacker website. The user often does not even realize that he has become a victim of phishing. The attack method is therefore very popular with cybercriminals and often comes across as professional. It is therefore a gateway for all kinds of cyber attacks such as malware, ransomware, or data theft.
There are roles in the company that have to click on attachments and cannot do their job any other way. While these employees are protected in the first instance by anti-virus programs and firewalls, these preventative measures are relatively easy to circumvent. Once the attackers are on the network, traditional defense mechanisms are of no help - especially because attackers like Evilnum are very sophisticated when they spread across the network. The consequences can be devastating, especially in the financial sector.
That's why it's important to also constantly monitor the network to detect attacks and initiate defensive measures. After all, the damage is not done at the time of the actual intrusion, but only when data is stolen. To do this, the attackers must first familiarize themselves with the network. They have to find the data relevant to them, obtain the appropriate admin rights, set up communication channels to the outside world, install software, etc.
All of these activities leave traces in the network that should actually be noticeable, such as:
Suspicious network activity is an important clue for quickly fending off attacks like Evilnum's. However, although the traces are in principle clearly visible, they are often lost in the sheer volume of network data. That's why it takes more than 200 days on average for a cyber attack to be noticed - and by then it's often too late. The remedy is the use of artificial intelligence (AI) in network security. AI can continuously search for typical attack patterns and quickly distinguish normal from suspicious activity. Threats can thus be detected and reported to the IT team within minutes or hours, like an alarm system that goes off when the door lock has been picked or bypassed by an intruder.
This alarm system is called "Network Detection & Response" (NDR). The technology not only alerts, it also helps the security team understand threats and quickly defend against attacks. So while NDR can't necessarily prevent attacks like Evilnum's, it can detect and eliminate threats before damage is done. It's a safety net that effectively complements prevention, making it a must-have in modern cybersecurity.
Exeon is a Swiss cybersecurity company specializing in automated security monitoring of IT networks and infrastructures. Its core product "ExeonTrace" provides AI-powered detection and mitigation of cyber threats, based on over ten years of award-winning research at ETH Zurich. Exeon was recently voted one of the top 5 Swiss start-ups, is internationally active and counts well-known companies such as PostFinance and the logistics group Planzer among its customers. For more information, visit: www.exeon.com.