By Bharat Mistry
When it comes to cybersecurity, information is power. So we were pleased recently to see GCHQ’s National Cyber Security Centre (NCSC) release a new document highlighting the five most common publicly available hacking tools. Although far from exhaustive, it will provide some much-needed guidance for security teams on what to look out for and how to maximise detection and protection.
Those operating VMware environments and looking to follow this best practice advice would do well to consider our flagship Deep Security offering. As we’ll be discussing at VMworld Europe next month, the combination of tight integration and full-featured security is a winner for protecting software-defined datacentres and hybrid cloud environments.
The top hacking tools
Perhaps the most telling thing about the NCSC report is that it had to be produced at all. It’s very much a sign of the times: a reminder of how the cybercrime underground has democratised hacking tools for widespread use. According to the report, produced in concert with cybersecurity specialists from all Five Eyes nations, initial compromise is usually achieved via exploitation of software vulnerabilities or poorly configured systems. After that, hackers may use:
Remote Access Trojans (RATs): like JBiFrost, which could be used to install backdoors and keyloggers, take screenshots, and exfiltrate data.
Web shells: like China Chopper, malicious scripts which offer remote administrative capabilities.
Credential stealers: like Mimikatz, which steal user log-ins so an actor can move internally through a target network.
Lateral movement frameworks: like PowerShell Empire, which allow attackers to move around once inside a network.
C2 obfuscation tools: like HTran, which help to disguise the bad guys’ location when compromising a victim.
There’s a long list of recommendations from NCSC for firms looking to better detect and protect themselves from such threats. But among the key pieces of advice are:
Partnering on security
These recommendations play very much to Trend Micro’s strengths as a security pioneer and a decade-long partner of VMware’s with our flagship datacentre product Deep Security. We offer:
All of this comes with an architecture designed to optimise performance in virtual environments, and offer enhanced visibility across physical, virtual and hybrid cloud IT from a single console. Trend Micro on VMware realises the NCSC’s vision of “modern” systems and software designed with security in mind.