February began with the Polish banking industry uncovering and responding to what is being called the most serious cyber-attack in Polish history. Hackers planted malicious files on the servers of the Polish Financial Supervision Authority (KNF), which regulates the country’s banking industry. Anyone who visited the KNF website would unknowingly load a JavaScript file into their browser, which would then download malware from an external malicious server and install it. This is known as a waterhole attack.
While authorities are still investigating who is responsible, they believe the hackers are from another country. The Polish attack may even be related to similar ones in Mexico and Uruguay.
This latest news is just another example of the need for CompTIA Cybersecurity Analyst (CySA+), which launched last week. With CySA+, IT pros can get the training they need to combat, and even prevent, these attacks and prove to employers they have the skills it takes to protect their servers.
CySA+ applies behavioral analytics to improve IT security and validates the knowledge and skills required to protect an organization's network. IT pros use security analytics to create threat visibility across a network. This new visibility allows them to identify and combat malware and advanced persistent threats (APTs). Behavioral analytics helps detect bad behavior on your network so you can stop the problem as quickly as possible. If a system is infected, connections it makes with a malicious server can be immediately identified and severed.
CySA+-certified professionals know how to use the right tools to perform these tasks, such as intrusion detection systems (IDS), packet sniffers and security information and event managers (SIEM). Someone who has CompTIA CySA+ can go beyond simply reading the data that these tools produce. They know how to interpret it and use it to make decisions and take action.
The malicious server is often a command-and-control center on the dark web, and in the case of KNF, it attempted to download malware on visitors' web browsers. CySA+ tools would allow an IT pro to identify the IP address or domain of the malicious server, classify it as a “bad IP address or domain” and even terminate the connection before any malware is downloaded and installed.
The importance of cybersecurity continues to grow with each of these attacks that surfaces. Opportunities abound for those with the right skills. If you don’t have the skills yet, consider CompTIA CySA+ or the CompTIA Cybersecurity Career Pathway to set you on your way to a cybersecurity career.
