APTs: Now's the Time for a New Approach

Published: 22/11/2024   Category: security




Advanced Persistent Threats, or APTs, are one of the greatest problems that enterprises face today. However, security teams have been taking the wrong approach...



By every estimate, Advanced Persistent Threats (APTs) are rising at an exponential rate. A massive industry of cybersecurity products, going far beyond early-generation anti-virus and firewall solutions, has sprung up to combat and address these new threats at the various stages of the exploitation lifecycle.
Although APTs may vary significantly from each other, there's one clear common denominator at the heart of every successful attack.
Traditional defenses, even the most advanced ones such as sandboxing, have all been based on the assumption that advanced techniques will be able to detect malicious intent and separate it from benign content. This game of cat and mouse is what the industry is experiencing today, and it is one the attackers are winning as they continue to evolve their techniques to work around heuristic detection.
These technologies, moreover, have a high rate of missed detections and false alarms.
But what if there is a weakest link -- common to all or most cyber attacks -- that could invert the situation and give the defender the upper hand?
Finding common ground in APT
In order to establish a beachhead, attackers need to get a piece of executable code, or other active content, onto a machine in the target network. They will use any number of methods to get a user to access malicious content, such as spear phishing. To avoid detection, the executable code -- shellcode -- is hidden in data objects, such as Office documents, and executed by exploiting vulnerabilities in common applications -- Adobe PDF Reader, for example.
The impact can be staggering, with cybercrime damages expected to hit $6 trillion annually by 2021, according to a report by Cybersecurity Ventures.
Prevent rather than remediate
APTs continue to use a familiar route to achieve exploitation. According to Mandiant's M-Trends, the exploitation lifecycle can be summed up as follows:
Step 1: Reconnaissance
Step 2: Initial Intrusion into Network
Step 3: Establish Network Backdoor
Step 4: Obtain User Credentials
Step 5: Install Various Utilities
Step 6: Privilege Escalation/Lateral Movement/Data Exfiltration
Step 7: Maintain Persistence
However, it's Step 2 -- the initial intrusion -- that remains the critical step for APT operators.
Gaining a beachhead in the target environment is the primary goal of the initial intrusion. Once a network is exploited, the attacker usually places malware on the compromised system and uses it as a starting point or proxy for further actions. Malware placed during the initial intrusion phase is commonly a simple downloader -- a basic Remote Access Trojan or a simple shell.
The problem is that few cybersecurity tools can detect shellcode that uses dynamic packers, for which no known signatures or patterns are available.
It's clear that preventing an intrusion early -- before the need for costly remediation -- is the best, and cheapest, practice for fighting APTs. In 60% of cases, attackers are able to compromise an organization within minutes, but it takes most businesses nearly 200 days to detect a breach on their network, which means remediation costs skyrocket.
Detecting the evasive
Attackers still hold the edge, particularly with zero-day exploits, despite considerable security investment. Traditional cybersecurity software often becomes counter-productive, because it identifies malicious threats by analyzing their questionable behavior within the threat's target environment.
To stay ahead, prevention itself needs an elegant security architecture that is evasion-proof.
Instead, an evasion-proof architecture systematically scans for hidden code instructions -- or any other commands that might indicate malicious intent -- and never opens or executes incoming files. By looking at the code rather than at the exploit it carries, no doomsday device is set off: the platform can catch any suspicious code, place it in quarantine and review it at a later time.
Ultimately, no malicious code can evade detection because it never gets a chance to execute itself.
Similarly, such a platform would analyze and interpret scripts using a proprietary, limited interpreter that evaluates every single statement line by line. Every possible flow of execution, including every conditional branch, is exposed and normalized.
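A simplified illustration of that idea, added here and not Solebit's interpreter: the script below is walked statement by statement from its syntax tree, both arms of every conditional are followed regardless of what the condition would evaluate to, and split-up string literals are folded back together before inspection. The sample script and the helper names `download`/`run` are constructed for the example.

```python
import ast
# Constructed sample script (not from the article); the interesting work
# sits under a condition that a single dynamic run may never satisfy.
SAMPLE_SCRIPT = """
import os
if os.getenv("PROFILE") == "prod":
    u = "http://" + "example" + ".invalid/stage2"
    download(u)
    run("stage2.bin")
else:
    print("nothing to see")
"""
SUSPECT_CALLS = {"download", "run", "exec", "eval", "system"}  # hypothetical names

def normalize(node):
    """Fold 'a' + 'b' into 'ab' so split-up string literals are read whole."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        l, r = normalize(node.left), normalize(node.right)
        if (isinstance(l, ast.Constant) and isinstance(r, ast.Constant)
                and isinstance(l.value, str) and isinstance(r.value, str)):
            return ast.Constant(l.value + r.value)
    return node

def actions_of(stmt):
    """Calls made by one statement, plus any string it assigns (normalized)."""
    found = [f"call:{n.func.id}" for n in ast.walk(stmt)
             if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)]
    if isinstance(stmt, ast.Assign):
        v = normalize(stmt.value)
        if isinstance(v, ast.Constant) and isinstance(v.value, str):
            found.append(f"str:{v.value}")
    return found

def enumerate_paths(stmts):
    """One action list per flow of execution: both arms of every `if` are taken."""
    paths = [[]]
    for stmt in stmts:
        if isinstance(stmt, ast.If):
            branches = enumerate_paths(stmt.body) + enumerate_paths(stmt.orelse)
            paths = [p + b for p in paths for b in branches]
        else:
            paths = [p + actions_of(stmt) for p in paths]
    return paths

def script_paths(src):
    return enumerate_paths(ast.parse(src).body)
def suspect_calls(src):
    """Suspect calls reachable on any path, found without executing the script."""
    return {a.split(":", 1)[1] for p in script_paths(src) for a in p} & SUSPECT_CALLS
```

The download-and-run path is reported even though the condition guarding it is never evaluated, which is exactly what a single sandbox run can miss.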
When it comes to malicious URLs, the platform could accurately differentiate between hyperlinks and automatically invoked remote objects, yielding information on the purpose and behavior of every remote object. It would determine the type of embedding used, without needing to fetch the actual remote file or object, establish its level of maliciousness in real time, and block even the most evasive malware.
Why worry about scores based on heuristics or behaviors, or about false positives and false negatives, when you can get a deterministic outcome with detailed metadata for deep forensic analysis?
By not relying on variations in the underlying technology stack or requiring a carefully curated environment for runtime analysis, an evasion-proof architecture is incredibly effective at stopping today's attacker, whether known or unknown, and is, as such, future ready as well.
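One concrete form of that distinction, added here as an example rather than the platform's own logic: an OOXML document declares its references in `.rels` parts, where `TargetMode="External"` marks anything outside the package and the relationship type says whether the application resolves it on open (linked OLE object, attached template, linked image) or only when the user clicks (hyperlink). The minimal package below is constructed in memory, and which relationship kinds count as auto-invoked is an assumption of the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Relationship kinds the application resolves on its own when the file opens
# (assumed set for this example); a hyperlink is only followed on a click.
AUTO_INVOKED = {"oleObject", "attachedTemplate", "frame", "subDocument", "image"}
# Constructed sample package (not a real document): only the .rels parts are
# present, which is all the classifier reads.
SAMPLE_PARTS = {
    "word/_rels/document.xml.rels": f"""<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="{OFFICE_REL}hyperlink"
     Target="https://example.invalid/read-more" TargetMode="External"/>
  <Relationship Id="rId2" Type="{OFFICE_REL}oleObject"
     Target="http://example.invalid/obj.bin" TargetMode="External"/>
  <Relationship Id="rId3" Type="{OFFICE_REL}image" Target="media/image1.png"/>
</Relationships>""",
    "word/_rels/settings.xml.rels": f"""<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="{OFFICE_REL}attachedTemplate"
     Target="http://example.invalid/tpl.dotm" TargetMode="External"/>
</Relationships>""",
}

def build_sample_docx():
    """Zip the constructed parts into a minimal package, as a .docx is a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in SAMPLE_PARTS.items():
            z.writestr(name, xml)
    return buf.getvalue()

def classify_remote_refs(docx_bytes):
    """Every external reference in the package, tagged with whether the
    application would fetch it on open; nothing is fetched here."""
    refs = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in sorted(z.namelist()):
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # packaged part: nothing leaves the file
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                refs.append({"part": name, "kind": kind, "target": rel.get("Target"),
                             "auto_invoked": kind in AUTO_INVOKED})
    return refs
```

The internal image relationship is skipped entirely, the hyperlink is reported but not flagged, and the linked OLE object and remote template are flagged as targets the application would contact without any user interaction.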

Boris Vaynberg is CEO and a co-founder of Solebit. His previous experience includes positions at Elbit Systems' Intelligence and Cyber Solutions division and Comsec Consulting's Information Security division. He also served for six years in an elite technology unit of the Israel Defense Forces (IDF).
