APTs – How to prevent the threats that are advanced and persistent?
August 2020 saw a wave of coordinated cyber-attacks around the world. Several global payments and money-transfer companies were targeted, but New Zealand's stock exchange (NZX) was among the hardest hit: for several days in a row it suffered a barrage of distributed denial of service (DDoS) attacks that took NZX's servers offline. The New Zealand government was forced to activate the country's National Security System in response. The traffic was arriving "through the global gateway", and the government said it was impossible to identify its source.
Attacks like these can be launched from anywhere in the world and arrive at network speed. They were timed for the busy earnings season, forcing institutional dealers to communicate directly with each other and arrange 'negotiated trades', which left traders at a disadvantage. A sustained DDoS campaign is not in itself an advanced persistent threat, but incidents like this demand that organisations review their readiness against advanced persistent threats (APTs) as well.
What are Advanced Persistent Threats?
An advanced persistent threat uses continuous, stealthy and sophisticated intrusion techniques to gain access to a system and remain inside it for a prolonged period, with potentially destructive consequences. It is the method of choice of the most capable attackers, who bring a high degree of covertness, skill and patience to bear on their targets. They combine purpose-built tools with traditional methods such as phishing, adware and man-in-the-middle attacks. A typical campaign unfolds in stages. The attackers choose the target based on what they hope to accomplish and research it extensively. They seek insider access, using people with the required skills and the tools available to them, and they build new tools where needed. These tools, mostly a combination of cutting-edge technology and traditional methods, are deployed to identify vulnerabilities; once a weak spot is found, infiltration begins. Once inside the network, the attackers work out where the data they are after is held and how to reach it, and then start sending it out to make use of it. They strengthen their foothold by compromising further hosts and extending their access to other valuable locations so that they can exfiltrate more, and they do everything possible to remain hidden inside the network for as long as they can.
In short, APT attacks last a long time and are accompanied by a consistent effort to conceal the attackers' footprints and stay undetected. Social engineering, spear phishing, rootkits and exploits are some of the common methods and tools used. Nobody knows what other tools are already out there undetected, or what these next-generation attackers are building.
How to be vigilant against APTs?
A layered security approach is a must for protecting organisations from APTs. Each layer in a multi-layered approach covers a specific area: Unified Threat Management (UTM), endpoint and end-user protection, email filtering, email archiving, email encryption, web filtering, data encryption and mobile security are some of the components of these layers. The following four-step process is of tremendous help in defending against APTs.
1. Secure
Unpatched servers, open Wi-Fi networks, an unlocked server-room door and the like all present opportunities for infiltration. Every access point is a potential point of entry in an APT attack, so defining this perimeter and protecting it is the foremost step.
2. Monitor
Organisations need to monitor everything: what is behaving normally and what is not, and even the cases that look normal need to be re-checked over time. Who is accessing data, who is changing it, who is changing credentials: everything that happens on the network and to the data should be known. If we know what is happening to the data, we can react and stop an APT before it damages the organisation.
3. Analyse
With all the data gathered, organisations need to compare behaviours and establish a baseline. This shows what is normal and what is suspicious, and lets them track and analyse potential vulnerabilities and suspicious activity to stop a threat before it is too late.
4. Investigate and fix
Organisations need an action plan for managing threats as alerts arise. Each type of threat requires its own response plan, and security teams need to know how to investigate each threat and security incident quickly and fix it on a war footing.
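The Monitor and Analyse steps above come down to one mechanism: record who touches what, build a per-user baseline from a period you trust, and raise an alert when later activity deviates from it. The script below is an added example written for this article, not code from 10xDS or NXSecure. The log format, the user names, hosts, timestamps and byte counts, and the thresholds (10× the usual read volume, one hour of slack around usual working hours) are all assumptions constructed for illustration. It profiles each user from a baseline window and then flags a later window in which one account suddenly logs in at 02:00 from a server it never used, reads far more data than usual, and changes its credentials.

```python
"""Baseline-and-deviation detection over constructed access-log lines.

Added example for the four-step process; not the article's or 10xDS's code.
Log format, names, hosts, values and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed baseline window. Assumed line format:
# "<ISO timestamp> user=<u> event=<e> host=<h> bytes=<n>"
BASELINE_LOG = """\
2020-08-03T09:12:00 user=alice event=login host=ws-14 bytes=0
2020-08-03T09:40:00 user=alice event=file_read host=ws-14 bytes=120000
2020-08-03T16:10:00 user=alice event=file_read host=ws-14 bytes=90000
2020-08-04T08:55:00 user=alice event=login host=ws-14 bytes=0
2020-08-04T10:02:00 user=alice event=file_read host=ws-14 bytes=150000
2020-08-03T10:00:00 user=bob event=login host=ws-22 bytes=0
2020-08-03T11:30:00 user=bob event=file_read host=ws-22 bytes=40000
2020-08-04T10:05:00 user=bob event=login host=ws-22 bytes=0
2020-08-04T14:20:00 user=bob event=file_read host=ws-22 bytes=55000
"""

# Constructed window under analysis. Alice's account is used at 02:00 from a
# server she never touched, pulls far more data than usual, then changes credentials.
OBSERVED_LOG = """\
2020-08-20T09:05:00 user=alice event=login host=ws-14 bytes=0
2020-08-20T09:30:00 user=alice event=file_read host=ws-14 bytes=110000
2020-08-21T02:14:00 user=alice event=login host=db-prod-01 bytes=0
2020-08-21T02:20:00 user=alice event=file_read host=db-prod-01 bytes=4800000
2020-08-21T02:31:00 user=alice event=credential_change host=db-prod-01 bytes=0
2020-08-20T10:10:00 user=bob event=login host=ws-22 bytes=0
2020-08-20T11:00:00 user=bob event=file_read host=ws-22 bytes=48000
"""


def parse(log):
    """Turn the assumed log format into a list of event dicts."""
    events = []
    for line in log.splitlines():
        stamp, *kv = line.split()
        fields = dict(item.split("=", 1) for item in kv)
        events.append({
            "ts": datetime.fromisoformat(stamp),
            "user": fields["user"],
            "event": fields["event"],
            "host": fields["host"],
            "bytes": int(fields["bytes"]),
        })
    return events


def build_baseline(events):
    """Monitor step: per-user profile of hosts used, active hours,
    bytes per file_read, and whether the user has ever changed credentials."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set(),
                                   "reads": [], "cred_changes": 0})
    for e in events:
        p = profile[e["user"]]
        p["hosts"].add(e["host"])
        p["hours"].add(e["ts"].hour)
        if e["event"] == "file_read":
            p["reads"].append(e["bytes"])
        elif e["event"] == "credential_change":
            p["cred_changes"] += 1
    return dict(profile)


def detect(baseline, events, volume_factor=10, hour_slack=1):
    """Analyse step: compare each new event with its user's baseline and
    return one alert per deviating event, listing every reason it deviated."""
    alerts = []
    for e in events:
        p = baseline.get(e["user"])
        if p is None:
            alerts.append({"ts": e["ts"], "user": e["user"], "reasons": ["unknown user"]})
            continue
        reasons = []
        if e["host"] not in p["hosts"]:
            reasons.append(f"new host {e['host']}")
        lo, hi = min(p["hours"]) - hour_slack, max(p["hours"]) + hour_slack
        if not lo <= e["ts"].hour <= hi:
            reasons.append(f"outside usual hours ({e['ts'].hour:02d}h)")
        if (e["event"] == "file_read" and p["reads"]
                and e["bytes"] > volume_factor * mean(p["reads"])):
            reasons.append(f"read volume {e['bytes']} bytes")
        if e["event"] == "credential_change" and p["cred_changes"] == 0:
            reasons.append("first ever credential change")
        if reasons:
            alerts.append({"ts": e["ts"], "user": e["user"], "reasons": reasons})
    return alerts


def run():
    """Build the baseline from the trusted window and analyse the later one."""
    return detect(build_baseline(parse(BASELINE_LOG)), parse(OBSERVED_LOG))


if __name__ == "__main__":
    for a in run():
        print(a["ts"].isoformat(), a["user"], "; ".join(a["reasons"]))
```

Each alert carries every reason the event deviated, so the Investigate step sees "new host, outside usual hours, first ever credential change" as one incident rather than three unrelated signals. One caveat that matters specifically for APTs: because the attacker may have been present for months, the window you baseline from can already contain attacker activity. Build the baseline from a period you have independent reason to trust, and compare users against their peers as well as against their own history, so that a slowly established foothold does not simply become "normal".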
How 10xDS can help?
NXSecure, the cyber security vertical of 10xDS, is closely watching these trends to bring you a combination of measures, ranging from sophisticated security solutions to a workforce trained to recognise attacks, for building successful and ongoing defence strategies.
Talk to our experts to know more!