CS Sep-Oct 2021

More documents

Recommendations

Info

APTs HOW TO DISRUPT THE KILL-CHAIN IT MIGHT TAKE ONLY MINUTES FOR A CYBERCRIMINAL TO BREAK INTO YOUR NETWORK - SO HOW DO YOU ENSURE THEY NEVER GET THAT FAR? From cyber criminals who seek personal financial information and intellectual property to state-sponsored cyber attacks designed to steal data and compromise infrastructure, today's advanced persistent threats (APTs) can sidestep cyber security efforts and cause serious damage to your organisation. A skilled and determined cyber criminal can use multiple vectors and entry points to navigate around defences, breach your network in minutes and evade detection for months. APTs present a massive challenge for organisational cyber security efforts. "While traditional cybersecurity measures are effective for dealing with opportunistic cybercrime, they are not enough to protect organisations against APT attacks," says David Emm, principal security researcher, Kaspersky. "Rather, it's essential to deploy a specific anti-targeted attack solution that is able to proactively monitor the network and combines extended detection and response capabilities - combining in-depth investigation, threat hunting and central management and co-ordination. 360-DEGREE VIEW "Counteracting modern cyber-threats also requires a 360-degree view of the TTPs [Tactics, Techniques and Procedures] used by advanced threat actors. While the TTPs of some APT threat actors remain consistent over time, others refresh their toolsets and infrastructure, and extend the scope of their activities. Nevertheless, it's difficult for attackers to completely change their behaviour and methods during attack execution - so identification and analysis of these patterns promptly helps organisations deploy effective defensive mechanisms in advance, thereby disarming attackers and disrupting the kill-chain," states Emm. "That's why it's important to harness the benefits of threat intelligence, to track threat actors and uncover the most sophisticated and dangerous targeted attacks across the world. This will enable organisations to proactively deploy effective threat detection and risk mitigation controls for the associated campaigns - across enterprises, financial services businesses, government organisations and managed security service providers." Organisations that rely solely on defencein-depth, firewalls and antivirus risk leaving themselves open to cyber-attacks, especially given how massive an undertaking tracking, analysing, interpreting and mitigating constantly evolving IT security threats is. "Enterprises across all sectors are facing a shortage of the up-to-the-minute, relevant data they need to help manage the risks associated with IT security threats, due to: real threats being buried among thousands of insignificant alerts; poor incident prioritisation; inadequate internal funding due to poor risk visibility; undiscovered, but active, threats lurking within an organisation; unknown attack vectors being missed; and companies pursuing a security strategy that's not aligned with the current threat landscape," he cautions. "Even sophisticated APT threat actors typically gain an initial foothold by using social engineering to trick staff into doing something that jeopardises corporate security - eg, clicking on a malicious link - so it's vital to find imaginative ways to 'patch' the organisation's human resources. This means identifying risky behaviours and developing a plan for reshaping people's behaviour. The ultimate goal should be to develop a security culture that encompasses digital and realworld behaviour - and extends into how staff operate when at home or when travelling. Purpose-built online security awareness platforms can help with this." INFILTRATION "Using Advanced Persistent Threats, threat actors utilise various methods to infiltrate targeted networks," says Bindu Sundaresan, director at AT&T Cybersecurity." Some of the standard attack methods she points out include: Social engineering: the attackers employ manipulative means to obtain confidential information. This includes phishing attacks, pretexting, tailgating, and other means to enter the targeted network Zero-day attack: the attackers profit from a security flaw in software before a security patch is made or installed Supply chain attack: the attackers exploit vulnerabilities within the supply chain. These may be commercial partners and suppliers who are connected to the targeted network Use of backdoors: the attackers exploit undocumented access to software or use 32 computing security September 2021 @CSMagAndAwards www.computingsecurity.co.uk
APTs malware to install backdoors that bypass authentication. The defence-in-depth model needs to evolve to stay relevant by adopting automated security and a zero-trust model, she points out. "With this model, security teams can scale their efforts in the constantly-changing world of cybersecurity. There are different levels of traditional cybersecurity tools, such as firewalls, antivirus, and defence in depth (IPS, IDS), which aren't enough against an attack by an APT. Still, they are necessary as essential foundational must-haves from a security standpoint. Advanced security consisting of network devices with sandboxing systems, new generation SIEM, EDR and subscriptions to cyber intelligence services are essential to detect and respond to attacks of the APT magnitude. Early detection of APT attacks is critical for successful mitigation before networks are compromised and sensitive data is exposed." APT is a multi-faceted attack and defences must include multiple techniques, such as email filtering, endpoint protection, privileged access management, and visibility into the traffic and user behaviour," continues Sundaresan, expanding on these as follows: Email filtering: "Most APT attacks leverage phishing to gain initial access. Filtering emails, and blocking malicious links or attachments within emails, can stop these penetration attempts." Endpoint protection: "Most APT attacks involve the takeover of endpoint devices. Advanced anti-malware protection and Endpoint Detection and Response can help identify and react to compromise of an endpoint by APT actors." Access control and Privileged Access Management: "Strong authentication measures and close management of user accounts, with a particular focus on privileged accounts, can reduce APT risks." Monitoring of traffic, user and entity behaviour: "Visibility and monitoring can help identify penetrations, lateral movement and exfiltration at different stages of an APT attack." As the definition of APT implies success against you and your organisation, never has detection and response been so important, she concludes. "Preparation is paramount; the fight against APT is a continuous effort," she warns. "Organisations need to become aware of the nature of these attacks, and the types of effective practices and technologies that can help to combat them." MURKY DEPTHS For years, threat actors, like nation states and cybercriminals, had distinct motivations and different tools, comments Sam Curry, chief security officer, Cybereason. "Nation states, or 'advanced persistent threats' as we called them, moved like submarines, stalking ships in the waters of target networks, carrying out the policies of their governments and providing asymmetric options, aside from the normal diplomatic, economic, and military strategies and tactics. "By contrast, the fight against cybercriminals more resembled battleship warfare than submarine. The motivation among criminals was profit and, as such, it was about maximising the number of victims and wringing every drop from an infection for as long as possible. Even in the old days, the security industry was not up to the task of stopping either the malicious operations of nation states nor the smash-and-grab theft of cybercriminals." The silver lining, however, adds Curry, is the emergence of endpoint detection and response (EDR), which is often mistaken for a mere extension of existing endpoint protection technologies like antivirus or personal firewalls. "It is a tool for finding the Sam Curry, Cybereason: nation states moved like submarines, stalking ships in the waters of target networks. Bindu Sundaresan, AT&T Cybersecurity: the defence-in-depth model needs to evolve to stay relevant. www.computingsecurity.co.uk @CSMagAndAwards September 2021 computing security 33
Page 1 and 2: Computing Security Secure systems,
Page 3 and 4: comment 2021 COMPUTING SECURITY AWA
Page 5 and 6: There’s a difference between feel
Page 7 and 8: ADISA ICT Asset Recovery Standard 8
Page 9 and 10: UNIQUE EVENT FOR THE CYBER SECURITY
Page 11 and 12: ansomware BASIC SECURITY IS ESSENTI
Page 13 and 14: 50 % OFF RANSOMWARE PREVENTION & PR
Page 15 and 16: information security things, but, w
Page 17 and 18: health check This has enabled indiv
Page 19 and 20: global intelligence will have impli
Page 21 and 22: all at sea CRUISING FOR A BRUISING
Page 23 and 24: all at sea Secondly, adversaries' c
Page 25 and 26: information security more effective
Page 27 and 28: new-world shakeup for every employe
Page 29 and 30: global intelligence Incident Notif
Page 31: CS Nominations 2021 NOMINATIONS OPE
Page 36: Pragmatic and experienced risk mana

CS Sep-Oct 2021

Create successful ePaper yourself

Delete template?

Save as template?