Current Filter: Security>>>>>Opinion>

   

Cybercrime has more in common with the golden era of spying and Philby, Burgess and Maclean - infiltrate, stay hidden and extract information without detection.

In the era of Advanced Persistent Threats (APTs), attacks are subtle, intelligent and much more dangerous. In order for an APT attack to be successful, there are key steps attackers look to take, including:

Building the Toolkit: An attacker has a substantial arsenal at the ready to launch and maintain their attack. This includes:

Malware: Either specially crafted or 'off the shelf' malware tools easily obtainable via underground hacking forums.

Social Engineering: The practised ability to make a human target believe the attack is coming from a trusted source.

Zero-Day/Other Exploits: In some cases, attackers use exploits recently fixed by vendors, but not yet patched by the target organisation.

Insiders and Recruits: Typically, the only way attackers can reach a target computer unconnected to the Internet.

Fake Certificates: Attackers may forge/fake an SSL certificate to get a victim to visit a page pretending to be from a safe site.

Choosing a Target: The attacker first determines whom they wish to infiltrate and what to steal. Is the attacker after confidential financial data? Source code? Technical drawings?

Target Research: The attacker conducts extensive background research on his target to build a profile, as well as a detailed list of other potential human targets inside the organisation.

Penetration: After the target is acquired, a common approach for an attacker is to create a customised phishing email, hoping their target will open an infected attachment, allowing them to plant remote access malware on the target's computer.

Elevation of Privileges: With a foothold inside the target's network, the attacker attempts to exploit vulnerabilities on other internal computers, in order to gain deeper access on the network.

Internal Network Movement: With further access inside the network, the attacker expands their control to other machines.

Data Theft: Once network access has been achieved, data can be easily stolen and sent back to the attacker - passwords, files, databases, email accounts etc.

Deploying a robust set of established and emerging security technologies that can interact together is now required - in particular, addressing the five areas of the APT Strategic Framework, as defined by Fortinet, with highly effective and proven technologies that work in a coordinated fashion is critical to reducing the risk of today's advanced targeted attacks:

• Access Control to reduce the attack surface
• Threat Prevention to inspect content and block as many attacks as possible
• Threat Detection to detect compromise given the evolving threat landscape
• Incident Response to validate and contain such incidents
• Continuous Monitoring to assess and improve.

Security technologies continue to evolve from signatures and heuristics to reputation and behaviour analysis - and beyond. Cutting through the noise made by new vendors promising to solve APTs with point solutions, organisations need to assess their tolerance for risk and determine which security technologies are right for them.