Published on February 17th, 2015 | by admin
3 Ways to Fight Back Against APTs
Advanced Persistent Threats (APTs), like those in the recent attack on Sony Pictures, are different than common malware attacks in that they focus on a particular target, whether it’s a private company, public utility, or specific government. While common malware attacks use a signature base delivered in a shotgun approach to cast the widest net possible, APT attacks are designed without that signature, making them more difficult to identify, and it more difficult for enterprises to develop protections against the attack. APTs are also more focused and designed around research of a specific target.
The most efficient and least costly way to deal with an APT is to block it before it gets a foothold, but this isn’t as simple as it sounds. The days of black-hat hackers developing viruses to be turned loose on specific operating system vulnerabilities are not exactly gone, but have evolved from individual endeavors to criminal enterprises and state-sponsored groups focusing on specific targets. Many times, focused attacks will use more than one platform to gain entry. Most APTs are designed to have a low profile once inside to avoid detection while valuable data is identified and harvested.
Here are three ways organizations like yours can fight back against APTs:
1. Social Engineering
Organizations must understand that the methods for fighting these threats are different than simply installing virus protection, and develop the proper safeguards. Although many APT delivery systems mirror those used to deliver viruses and Trojans, it’s not as obvious that access has been gained. Social engineering is most often the primary attack point, so teaching employees to be vigilant when reviewing email and visiting websites is the least expensive approach. Unfortunately, human nature being what it is, it’s hard to be 100% effective, and it only takes one slip to let your attackers in.
Even with the difficulty of having all employees understand the gravity of these threats, it still needs to be regularly reinforced. On top of this, security officers and directors should look at applications and services that can identify and remove threats before they make it onto the targeted network.
Advanced anti-malware sandboxing involves creating a virtual front door into your organization. The software used is able to evaluate attachments in a virtual environment, prior to entering your firewall, to identify malicious code and remove it before it can make it onto the network. These network gateways are easy to deploy and are designed to address the new threats. Unfortunately, sandboxing by itself is not a complete solution; it should be part of an overall strategy that includes social engineering awareness efforts and contextual security controls.
3. Contextual Security Controls
In addition to malware detection and prevention efforts, it is still important to enforce security policies and develop protocols that limit exposure. This includes keeping virus definition files current, hardening host based configurations, regularly patching software, and scanning for vulnerabilities.
With the popularity of social media, it’s important to set policies that limit or remove access to the company network. Attackers understand this popularity, along with the fact that most users don’t lock down their social media accounts, allowing total strangers to access their information. This can be a goldmine for attackers with a specific target in mind. Once social engineering identifies a target’s employees, it’s only a matter of identifying those employees on social media. They then concentrate their attack on an employee’s social media accounts, knowing many employees check their accounts at work. Some employees also include details about their employment and post information about projects and special events that can assist attackers in honing their offense.
While protecting your network is a difficult and ongoing endeavor, it’s much easier to institute protection up front than cleaning up the aftermath. By doing so, the system you put in place should allow the advantage of tracing back intrusions at whatever entry point no matter how far in the past they initially occurred, and no matter the application on which it took place.
Learn more about proactive APT defense with the help of communications insight at www.ss8.com/enterprise.