The term executable transfer is made up of an adjective and a verb, respectively. An executable (.exe) describes a scripting language program, written to automatically execute instructions once the payload enters the destination environment. Before the .exe can execute anything it must be transferred from the source location (A) to the destination location (B). Successfully identifying indicators of compromise (IOCs), such as an executable transfer on your network, establishes a state of information superiority within your computer network defense (CND). You decrease the adversary's likelihood of success with each subsequent intrusion attempt by detecting, analyzing, and monitoring indicators such as an executable transfer.
Detecting Executable Transfer Traffic
Threatcare brings a proactive approach to cyber defense through cloud-based simulations that help with risk discovery while validating your risk mitigation techniques. The browser acts as a Threatcare agent on your host. Once you initiate our executable transfer simulation from your browser, a benign file is bidirectionally transferred across your network. That is, from the browser on your host we create executable transfer artifacts on your network: a benign binary file is downloaded into, and uploaded out of, the network your host resides in. Though this file is benign, it is an unsigned binary file and should be flagged by your safeguards as suspicious file movement activity. Being able to identify and mitigate the executable transfer metadata created in your environment validates phase one of your security hygiene. You can also upload your own custom files that match specific malicious traffic to test your safeguards' ability to defend against such tactics, techniques, and procedures (TTPs).
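The detection the simulation is meant to exercise can be reduced to a few checks over file-transfer records: does the content look like an executable (by magic bytes or declared MIME type), which way is it moving relative to the internal network, and does the declared type disagree with the bytes. The following is an added example, not Threatcare's code or tooling. It assumes file records shaped loosely like Zeek's files.log (tx_host sends the bytes, rx_host receives them, plus a MIME type, a filename and the first bytes in hex); the record values, addresses and internal network ranges are constructed for illustration.

```python
"""Flag executable transfers (inbound, outbound or internal) in file records.

Added example, not Threatcare's code. Field names are modelled on Zeek
files.log; all records, addresses and network ranges are constructed.
"""
import ipaddress
from typing import Iterable, Optional

# Well-known magic bytes of common executable formats.
MAGIC = {
    b"MZ": "pe",                        # Windows PE (DOS stub header)
    b"\x7fELF": "elf",                  # Linux ELF
    b"\xfe\xed\xfa\xcf": "macho64",     # Mach-O 64-bit, big-endian magic
    b"\xcf\xfa\xed\xfe": "macho64",     # Mach-O 64-bit, little-endian magic
}

# Declared MIME types a file carver typically assigns to executables.
EXEC_MIME = {"application/x-dosexec", "application/x-executable",
             "application/x-mach-binary"}

# Constructed internal address space (assumption for the example).
INTERNAL = [ipaddress.ip_network("10.0.0.0/8"),
            ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample records; none of these are real captures.
SAMPLE_RECORDS = [
    # Benign PNG download: should not be flagged.
    {"ts": 1, "tx_host": "203.0.113.10", "rx_host": "10.0.0.5",
     "mime_type": "image/png", "filename": "logo.png",
     "head_hex": "89504e470d0a1a0a"},
    # PE download with an honest MIME type (like the benign simulation file).
    {"ts": 2, "tx_host": "203.0.113.10", "rx_host": "10.0.0.5",
     "mime_type": "application/x-dosexec", "filename": "update.exe",
     "head_hex": "4d5a90000300"},
    # PE bytes declared as an image: type mismatch is the interesting signal.
    {"ts": 3, "tx_host": "198.51.100.7", "rx_host": "10.0.0.8",
     "mime_type": "image/jpeg", "filename": "photo.jpg",
     "head_hex": "4d5a90000300"},
    # The same PE uploaded back out of the network.
    {"ts": 4, "tx_host": "10.0.0.5", "rx_host": "203.0.113.10",
     "mime_type": "application/x-dosexec", "filename": "update.exe",
     "head_hex": "4d5a90000300"},
    # ELF moving between two internal hosts (lateral movement candidate).
    {"ts": 5, "tx_host": "10.0.0.5", "rx_host": "192.168.1.9",
     "mime_type": "application/x-executable", "filename": "tool",
     "head_hex": "7f454c46"},
]


def format_from_bytes(head: bytes) -> Optional[str]:
    """Return the executable format implied by the leading bytes, or None."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)


def direction(tx_host: str, rx_host: str) -> str:
    """Classify the transfer relative to the internal network."""
    tx_in, rx_in = is_internal(tx_host), is_internal(rx_host)
    if rx_in and not tx_in:
        return "inbound"      # download into the network
    if tx_in and not rx_in:
        return "outbound"     # upload out of the network
    return "internal" if tx_in and rx_in else "external"


def classify(record: dict) -> Optional[dict]:
    """Return an alert for an executable transfer, or None for other files."""
    head = bytes.fromhex(record["head_hex"])
    fmt = format_from_bytes(head)
    declared = record.get("mime_type", "")
    if fmt is None and declared not in EXEC_MIME:
        return None
    return {
        "ts": record["ts"],
        "direction": direction(record["tx_host"], record["rx_host"]),
        "format": fmt or "declared-only",
        "filename": record.get("filename", ""),
        # True when the bytes say "executable" but the declared type does not.
        "mismatch": fmt is not None and declared not in EXEC_MIME,
    }


def detect(records: Iterable[dict]) -> list:
    """Run classify() over every record and keep only the alerts."""
    return [a for a in (classify(r) for r in records) if a]


if __name__ == "__main__":
    for alert in detect(SAMPLE_RECORDS):
        print(alert)
```

Checking the bytes rather than trusting the declared type is what catches the third record; checking direction is what separates a routine patch download from the same binary leaving the network or hopping between internal hosts, which is exactly the bidirectional artifact the simulation creates.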
Why Detecting An Executable Transfer Is Important
To compromise an organization's confidentiality, integrity and availability, also known as the CIA triad, a malicious executable must first be developed and used to the intruder's advantage. E.g. a chief information security officer notices most of her endpoints are vulnerable to the latest WannaCry exploit. Needing to patch her systems quickly before an attack, she finds a website that has the latest Windows patch and downloads it right away. Because her security situation was volatile, she didn't realize the website was not trusted and had been crafted by an intruder. This kind of attack, i.e. trojan horse malware, deceptively tricks the user into inviting malware into their environment. Though this malicious executable transfer hit her network, she had previously been proactive with her cyber defense. Repetition in identifying, analyzing and mitigating matched malicious traffic stopped the .exe before any real harm could be done.