Cyber Explainer: The Trojan Horse

This sneak attack is adept at hiding, and has been known to create cyberthreats that go undetected for years


In this new series, “Cyber Explainer,” Interset breaks down the five most damaging types of threats facing enterprises, then details the five most effective cyberattack methods criminals use to carry them out. For this ninth installment, we look at Trojan horses, one of the stealthiest tactics used to breach network defenses.

What It Means
The term Trojan horse comes from Greek mythology, referring to a trick that grants an attacker entrance into a protected space. In cybersecurity, that trick is a program that appears harmless, but plants malware or spyware onto a computer. (The latter, usually used for identity theft, hides on a computer, waiting to capture credentials as a user enters sensitive information into any site.) Trojan horses can disguise themselves in everything from email attachments and advertisements to downloaded computer games and MP3s.

Where You’ve Seen It
The Department of Homeland Security announced in 2014 that a Trojan horse, allegedly sponsored by Russia, had “penetrated the software that runs much of the nation’s critical infrastructure,” including pipelines, power grids, water systems, wind turbines, and nuclear plants. The kicker: The BlackEnergy bug had been hanging out in networks for three years. Just this week, a report attributed sensitive cyber-document theft in several South American and Asian countries (over the past two years) to the Trojan horse-planted Felismus malware.

How to Stop It
These hidden-in-plain-sight attacks were created to elude rules and thresholds. To spot them, a cybersecurity platform needs to be analytics-driven and also use machine learning. The former is attuned to behavioral anomalies among and between users, devices, files, networks, and other entities. The latter, a type of artificial intelligence, keeps processing data even as the volume grows, and eliminates human error. This is important given the significant dwell time associated with Trojan horse attacks. So instead of chasing false alarms, a security team is pointed toward validated leads and can catch Trojan horse-associated threats quickly.
