CODENOMICON WHITEPAPER - Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs)

1 Introduction
The security landscape is changing: governments, critical infrastructure providers and defense organizations increasingly rely on the Internet to perform mission-critical operations. At the same time, cyber attacks have become more professional, with attackers investing more time and money into detection evasion techniques and into sophisticated, targeted attacks that exploit zero-day vulnerabilities. Zero-day exploits are the biggest threat to security because no patch or signature exists for them when the attack begins, so the attacks can go unnoticed. Most organizations are not even prepared for common untargeted malware, let alone for Advanced Persistent Threats (APTs). They rely largely on signature-based security solutions, which only defend against known threats and require continuous rule updates merely to keep pace with attacks that have already been seen.
In this paper, we take a two-fold approach to securing networks against APTs. Firstly, we discuss using fuzzing, a robustness testing technique, to discover exploitable zero-day vulnerabilities proactively, before an attacker does. Secondly, we present a botnet-inspired system which enables organizations to expand their knowledge of Internet abuse without straining their security resources, by making better use of security information the security community already provides. By collecting security information from public and private feeds and automatically generating actionable abuse reports, organizations can adopt cost-effective processes for detecting malicious activity and mitigating incidents. It is equally important to ensure the security and robustness of critical networks and services and to develop capabilities for detecting attacks at the earliest possible moment. By building fuzzing into your software development and procurement processes and maintaining good abuse situation awareness, you can prepare your networks against APTs.
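The fuzzing approach sketched above, as an added example that is not part of the Codenomicon paper: a small mutation-based robustness fuzzer in Python run against a toy "count, then type/length/value fields" record parser. The record format, both parsers, the seed inputs and the mutation operators are all constructed here for illustration. The contract the fuzzer checks is that ParseError is the only exception a robust parser may raise on hostile input; any other exception escaping the parser is a robustness failure, the kind of defect a zero-day exploit is built on. The vulnerable parser trusts its length fields and has no bounds checks; the hardened parser beside it rejects the same inputs cleanly.

```python
"""Mutation-based robustness fuzzer for a constructed TLV record parser.

Added example, not code from the Codenomicon paper. The record format,
the bug in parse_vulnerable and the seed corpus are all constructed here.
"""
import random


class ParseError(Exception):
    """The only exception a robust parser may raise on malformed input."""


def parse_vulnerable(data: bytes) -> list:
    """Parse 'count, then count x (type, length, value)'.

    Constructed bug: length fields are trusted and nothing is bounds-checked,
    so truncated input escapes as IndexError instead of ParseError, and a
    length larger than the remaining buffer is silently accepted with a
    short value.
    """
    count = data[0]
    pos = 1
    fields = []
    for _ in range(count):
        ftype = data[pos]
        length = data[pos + 1]
        fields.append((ftype, bytes(data[pos + 2:pos + 2 + length])))
        pos += 2 + length
    return fields


def parse_hardened(data: bytes) -> list:
    """Same format, every read bounds-checked; bad input yields ParseError only."""
    if len(data) < 1:
        raise ParseError("empty record")
    count = data[0]
    pos = 1
    fields = []
    for _ in range(count):
        if pos + 2 > len(data):
            raise ParseError("truncated field header")
        ftype, length = data[pos], data[pos + 1]
        if pos + 2 + length > len(data):
            raise ParseError("field length exceeds buffer")
        fields.append((ftype, bytes(data[pos + 2:pos + 2 + length])))
        pos += 2 + length
    if pos != len(data):
        raise ParseError("trailing bytes after last field")
    return fields


# Constructed seed corpus: two well-formed records the mutator starts from.
SEEDS = [
    bytes([2, 1, 3, 0x61, 0x62, 0x63, 2, 1, 0x00]),  # 2 fields: 'abc', 0x00
    bytes([1, 9, 0]),                                 # 1 field, empty value
]


def mutate(rng: random.Random, data: bytes) -> bytes:
    """Apply one random mutation: bit flip, truncation, boundary byte, insertion."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        del buf[rng.randrange(len(buf)):]
    elif op == 2 and buf:
        buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
    else:
        i = rng.randrange(len(buf) + 1)
        buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    return bytes(buf)


def run_case(parser, data: bytes):
    """None if the parser accepts or cleanly rejects the input, else the name
    of the unexpected exception, i.e. a robustness failure."""
    try:
        parser(data)
    except ParseError:
        return None
    except Exception as exc:
        return type(exc).__name__
    return None


def fuzz(parser, iterations: int = 2000, seed: int = 0) -> dict:
    """Run mutated seeds through the parser; return the first triggering input
    for each distinct unexpected exception type (a crude crash triage)."""
    rng = random.Random(seed)  # seeded so every run is reproducible
    findings = {}
    for _ in range(iterations):
        case = rng.choice(SEEDS)
        for _ in range(rng.randrange(1, 4)):  # stack one to three mutations
            case = mutate(rng, case)
        failure = run_case(parser, case)
        if failure is not None:
            findings.setdefault(failure, case)
    return findings


if __name__ == "__main__":
    for name, parser in (("vulnerable", parse_vulnerable), ("hardened", parse_hardened)):
        print(name, {k: v.hex() for k, v in fuzz(parser).items()})
```

Each finding is an input that reproduces the failure on its own, which is what a robustness-testing process hands to developers: a deterministic trigger rather than a vague "the parser is fragile". Real fuzzers add coverage feedback and crash deduplication by stack trace; the contract being tested here (only the documented error path may fire) is the same.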
2 Advanced Persistent Threats (APTs)
Internet abuse refers to the misuse of the Internet to harm or disrupt other users. It is an umbrella term covering cyber crime, hacktivism, attacks by nation-state sponsored adversaries and hobbyist crackers. Different types of Internet abuse include unauthorized network access, data theft and corruption, disruptions to normal traffic flow (e.g. DoS and DDoS attacks), the propagation of malware, spamming, phishing and botnets. APT refers to sophisticated Internet abuse performed by highly motivated and well-resourced groups, such as organized cyber criminals, hostile nation states and hacktivists. These attacks frequently utilize unknown, zero-day vulnerabilities. Zero-day vulnerabilities pose the greatest threat to network security because no defense exists for attacks against them at the time they are used [1]. The attacks can go unnoticed, and once discovered it takes time to locate the vulnerabilities and to create patches for them [1]. Advanced attacks, like Stuxnet, can utilize multiple zero-days, making them extremely difficult to defend against.