It’s a Jungle Out There
Advanced Persistent Threats (APT) take many forms, from state-sponsored malware designed to cripple core infrastructure to paid cyber mercenaries recruited to steal financial data and trade secrets. The increasing sophistication of these threats should be of the utmost concern to corporate security teams.
A new threat is emerging: seemingly undetectable intrusions conducted by well-organized groups of hackers who work together to plan and execute attacks. Most so-called next-generation security technologies can’t keep up with the rapidly evolving malware in use. As a result, corporate security must shift its emphasis from prevention and protection to detection.
Corporate networks are more vulnerable than ever, and targeted penetration succeeds more often because the number of access points into corporate networks keeps growing, including:
- The proliferation of mobile devices that employees are using as part of the BYOD trend
- Corporate networks that are increasingly connected to partner and service provider networks
- Home offices, hotel business centers and airport charging stations for mobile workers
- Public cloud infrastructure services and distributed applications
Corporations have invested billions of dollars in IT security to thwart hackers, designing multiple layers of protection into their security architectures, with overlapping redundancies and a continuous stream of alerts. While multi-layered defenses worked well in the past, they do not stand a chance against modern-day breaches that succeed by penetrating the corporate perimeter and then attacking in depth with complex, multi-faceted tools and techniques.
Sophisticated malware persistently evolves and adapts to improve its information-stealing methods and to remain undetected by corporate security systems. Security researchers have identified new strains of Zeus malware, for example, that learn from past experience; these strains implement information-stealing methods that target corporate financial data.
Another form of attack, the zero-day exploit, takes advantage of a vulnerability in software that the software’s developer is unaware of and therefore unable to remedy; by definition, no fix is yet available when the exploit is used. Sophisticated hackers find these vulnerabilities and use them to gain access to corporate systems. Such targeted attacks evade traditional defenses: firewalls, intrusion prevention systems (IPS), anti-virus software, and web/email gateways, which serve as most organizations’ primary security defense.
This type of malicious software is typically installed inadvertently by employees or passed through the network over normal communication channels. Once inside, it propagates automatically throughout the network while stealing information from the compromised systems. These APTs are continuously updated with new and better components to avoid detection and remain active within the breached network. Many can remain dormant on the compromised network for months or years before waking up to do what they were programmed for.
These new generations of attack techniques require sophisticated detection methods that can identify fast-changing threats. Network behavioral analysis is one emerging technique used to detect and stop network anomalies before they can cause significant damage to corporate systems. Network security services that maintain alert logs and behavioral profile information over extended periods can detect early threat activity and enable continuous monitoring of global attacks and vulnerabilities. These systems employ statistical modeling and machine learning techniques so that the detection evolves as the threats do.
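To make the "behavioral profile" idea concrete, here is an added example (not code from the original post or from any product it alludes to) of the simplest form of network behavioral analysis: each host's daily outbound volume is profiled over a history window, and a new day is scored against the host's own norm rather than against a fixed threshold. The flow-summary format, host names and addresses are constructed for the illustration; the spread floor and the three-sigma cutoff are design choices, not values from the post.

```python
"""Per-host behavioural baselining over constructed flow summaries.

Added illustration: profile each host's daily outbound volume over a
history window, then score a new day against that profile so a sudden
departure from the host's own norm stands out.
"""
import statistics
from collections import defaultdict

# Constructed flow-summary lines (not captured traffic): the day a flow
# was seen, the internal source host, the destination, and bytes sent.
FLOW_LOG = """\
day=1 src=ws-17 dst=198.51.100.10 bytes=700
day=1 src=ws-17 dst=198.51.100.11 bytes=500
day=2 src=ws-17 dst=198.51.100.10 bytes=1350
day=3 src=ws-17 dst=198.51.100.10 bytes=1100
day=4 src=ws-17 dst=198.51.100.10 bytes=1280
day=5 src=ws-17 dst=198.51.100.10 bytes=1400
day=6 src=ws-17 dst=198.51.100.10 bytes=1330
day=1 src=ws-23 dst=198.51.100.12 bytes=800
day=2 src=ws-23 dst=198.51.100.12 bytes=820
day=3 src=ws-23 dst=198.51.100.12 bytes=790
day=4 src=ws-23 dst=198.51.100.12 bytes=810
day=5 src=ws-23 dst=198.51.100.12 bytes=805
day=6 src=ws-23 dst=203.0.113.7 bytes=48000
day=1 src=ws-42 dst=198.51.100.13 bytes=500
day=2 src=ws-42 dst=198.51.100.13 bytes=500
day=3 src=ws-42 dst=198.51.100.13 bytes=500
day=4 src=ws-42 dst=198.51.100.13 bytes=500
day=5 src=ws-42 dst=198.51.100.13 bytes=500
day=6 src=ws-42 dst=198.51.100.13 bytes=520
day=6 src=ws-99 dst=198.51.100.14 bytes=3000
"""


def parse_flow_log(text):
    """Parse 'key=value' flow-summary lines into dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        fields = dict(part.split("=", 1) for part in line.split() if "=" in part)
        try:
            records.append({"day": int(fields["day"]), "src": fields["src"],
                            "dst": fields["dst"], "bytes": int(fields["bytes"])})
        except (KeyError, ValueError):
            continue  # line does not carry the expected fields
    return records


def daily_outbound(records):
    """Total bytes sent per host per day; several flows collapse into one figure."""
    totals = defaultdict(lambda: defaultdict(int))
    for r in records:
        totals[r["src"]][r["day"]] += r["bytes"]
    return totals


def build_profiles(totals, baseline_days):
    """Mean and spread of each host's daily volume over the baseline window.

    Hosts seen on fewer than two baseline days get no profile. The spread
    floor (5% of the mean, at least 1 byte) stops a perfectly regular host
    from turning trivial jitter into a huge z-score when its variance is zero.
    """
    profiles = {}
    for host, by_day in totals.items():
        history = [by_day[d] for d in baseline_days if d in by_day]
        if len(history) < 2:
            continue
        mean = statistics.mean(history)
        spread = max(statistics.pstdev(history), 0.05 * mean, 1.0)
        profiles[host] = (mean, spread)
    return profiles


def score_day(totals, profiles, day, threshold=3.0):
    """Compare each host's volume on `day` with its own profile.

    Returns {host: (verdict, z)} with verdict 'anomalous', 'normal' or
    'no_baseline'; a host with no history cannot be judged against itself
    and is surfaced for separate review instead of being silently passed.
    """
    findings = {}
    for host, by_day in totals.items():
        if day not in by_day:
            continue
        if host not in profiles:
            findings[host] = ("no_baseline", None)
            continue
        mean, spread = profiles[host]
        z = (by_day[day] - mean) / spread
        findings[host] = ("anomalous" if z > threshold else "normal", round(z, 2))
    return findings


def review(day=6, baseline_days=range(1, 6)):
    """Profile days 1-5 of the constructed log and score day 6."""
    totals = daily_outbound(parse_flow_log(FLOW_LOG))
    return score_day(totals, build_profiles(totals, baseline_days), day)


if __name__ == "__main__":
    for host, (verdict, z) in sorted(review().items()):
        print(f"{host:6} {verdict:12} z={z}")
```

Run as a script, it reports ws-23 as anomalous (its day-6 volume is dozens of standard deviations above its own history), ws-17 and ws-42 as normal, and ws-99 as having no baseline. The point of profiling per host is that ws-23's 48,000 bytes would not trip a global volume threshold set for a busy server, but it is wildly abnormal for that workstation; conversely ws-42's jump from 500 to 520 bytes is not flagged even though its historical variance is zero, because of the spread floor. In production the same structure is applied to many more features (destination counts, ports, timing) over much longer windows, which is the "extended periods of time" the paragraph refers to.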
I’ll elaborate on these emerging technologies in an upcoming blog post.