The Turla group, which consists of hackers who leverage advanced persistent threat (APT) attack tactics to infect victims, is using new malicious tools to target commercial, energy, government, military and technology organizations.
With the Neuron and Nautilus malicious tools, Turla group cyberattackers can maintain persistent network access and conduct network operations on Microsoft Windows platforms, according to the UK's National Cyber Security Centre (NCSC).
Neuron and Nautilus frequently are used in conjunction with Snake, a malware platform that enables Turla group hackers to steal sensitive data. That way, Turla group hackers can infect multiple systems within target networks, NCSC stated, and deploy multiple tools to ensure that they maintain network access even after an initial infection vector has been mitigated.
Both Neuron and Nautilus likely represent parts of an ongoing Turla group campaign and are not acting as replacements for the Snake malware, NCSC said. These malicious tools also have been used independently to launch cyberattacks.
Security Advisory and MSSP Safety Steps
NCSC has issued a security advisory that details Neuron, Nautilus and Snake and their potential impact on organizations. In addition, NCSC is encouraging any organization that has previously experienced a compromise by the Turla group to check for the presence of Neuron and Nautilus.
There is no shortage of solutions available that MSSPs can deploy to help customers mitigate the effects of Neuron, Nautilus, Snake and other malware attacks. Furthermore, MSSPs that incorporate machine learning technology into their cybersecurity offerings may be better equipped than ever before to help customers detect and resolve malware, ransomware and other APT attacks.
Machine learning involves the use of systems that can automatically improve with experience. As such, machine learning could prove to be exceedingly important to MSSPs, as it may help these service providers identify and address cyberattacks before they happen.
Although machine learning may have far-reaching effects on MSSPs and their customers, few cybersecurity professionals are currently leveraging this technology. In fact, a recent study of 412 cybersecurity professionals conducted by IT analysis firm Enterprise Strategy Group (ESG) showed that only 30 percent of respondents said they are very knowledgeable about machine learning and artificial intelligence (AI), and 12 percent said their organization has deployed these technologies extensively.
Machine learning ultimately enables cybersecurity professionals to implement a "defense-in-depth endpoint security strategy" and address endpoint weaknesses faster than ever before, according to a study conducted by AI-based threat prevention solutions company Cylance and ESG. Therefore, MSSPs that incorporate machine learning into their services could bolster their cybersecurity portfolios and ensure their customers can quickly address cyberattacks.