
Do you have what it takes to Detect and Respond to Targeted Attacks?

  • Posted on:June 18, 2014
  • Posted in:Security
  • Posted by:
    Bob Corson

With targeted attacks and advanced threats capturing so much attention of late, you could be forgiven some initial scepticism about yet another article on the subject. However, despite the justifiable attention, the truth is that targeted attacks remain a major and relatively unmanaged threat to your data and intellectual property. Before you draw up a list of options for addressing the problem, it is crucial to consider its nature through the eyes of your adversary, the attacker.

Walk a Mile in an Attacker’s Shoes

“It is said that if you know your enemies and know yourself, you will not be imperilled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperilled in every single battle.”

– Sun Tzu

As with any major problem, context is king. Before you buy whatever is claimed to be the most popular mousetrap du jour for targeted attacks and advanced threats, consider what life looks like once you adopt the persona of your rival and put on the attacker's shoes:

  • You always seek the path of least resistance to breach a network
  • Your modus operandi is to evade detection
  • Tools, techniques and expertise to help you succeed are but a mouse click away
  • You conduct advance reconnaissance to identify the security footprint, computing environments, and general lay of the land of your target
  • You mine the reams of publicly available information on the target organization and its key employees to craft a socially and professionally relevant lure that delivers your malware
  • You then custom design, build and test that malware against the target's existing defences before you use it
  • Your attack methods are flexible and unpredictable. You exploit the asymmetry that a targeted attack takes little skill to execute yet far greater skill and expertise to detect

The takeaway from all this: any suggestion that targeted attacks follow predefined methods of communication or fixed routes into your network is myopic and ignores the realities of the attacker's mindset.

Just The Facts

A recent blog post used the analogy of a cookie monster to illustrate what motivates attackers. This common childhood experience illustrates why a comprehensive ability to detect targeted attacks and advanced threats means more than keeping an eye on a few protocols. Further, ignoring communication over the majority of your network ports, and monitoring only north-south (perimeter) traffic while lateral, east-west traffic goes unwatched, does nothing but create a false sense of security and is oblivious to how attackers think and act. Some supporting evidence follows, courtesy of research completed by TrendLabs, Trend Micro's research arm.

Figure 1: Poison Ivy malware, use of multiple ports

With reference to Figure 1, it is clear that attackers design malware to communicate over a variety of network ports rather than the handful a defender might expect. The takeaway: if your defence against targeted attacks has no visibility into every network port, command-and-control traffic on the ports you do not watch is simply invisible, and attackers will exploit that oversight to their advantage.

Figure 2: EvilGrab malware, use of multiple protocols

With reference to Figure 2, attackers also use a variety of communication protocols. Again, if your defence against targeted attacks sees no more than a handful of applications and protocols, attackers will quickly learn what is monitored and what is not and adapt their customized malware accordingly.


Figure 3: IXESHE malware, attack evolution

With reference to Figure 3, the IXESHE sample demonstrates how attackers vary the structure and methods of an attack as well. Each configuration shown represents a different way the attack was structured over time. Recognizing a suspect server or IP address at one point in time does not mean attackers will keep using the same infrastructure, attack methods or structure you detected, so indicator lists alone age quickly. The fact is that you need the flexibility to identify inbound, outbound and lateral communication across your network based on behaviour, not just on previously seen indicators.
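The three figures make one point from three angles: a single family can talk over many ports, over many protocols, and from changing infrastructure, so detection that keys on a fixed port list, a fixed protocol set, a fixed indicator list or perimeter-only (north-south) traffic has predictable gaps. The following Python example is added here as an illustration; it is not code from the original post or from any Trend Micro product. It performs flow-level triage that classifies direction (inbound, outbound, lateral), fingerprints the protocol from the payload rather than trusting the destination port, and reports which flows a port-80/443, north-south-only monitor would never inspect. The sample flows, the expected-protocol table, the file-server allowlist and the external addresses (taken from RFC 5737 documentation ranges) are all constructed for the example.

```python
"""Flow-level triage showing what a port- and perimeter-only monitor misses.

All flows, addresses and allowlists below are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# RFC 1918 space stands in for "inside the organization" (assumption).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Protocol a defender expects on a well-known destination port (assumed table).
EXPECTED_PROTO: Dict[int, str] = {80: "http", 443: "tls", 53: "dns", 445: "smb"}

# Hosts allowed to receive SMB from workstations (assumed allowlist).
FILE_SERVERS: Set[str] = {"10.0.0.5"}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes the client sent (constructed)


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(flow: Flow) -> str:
    """Classify a flow as inbound, outbound, lateral (east-west) or transit."""
    src_in, dst_in = is_internal(flow.src), is_internal(flow.dst)
    if src_in and dst_in:
        return "lateral"
    if src_in:
        return "outbound"
    if dst_in:
        return "inbound"
    return "transit"


def fingerprint(payload: bytes) -> str:
    """Identify the protocol from the payload, not from the port.

    Deliberately small: TLS (record type 0x16, major version 3), cleartext HTTP
    request methods, and SMB over direct TCP (4-byte transport header, then
    0xFF 'SMB' for SMB1 or 0xFE 'SMB' for SMB2/3). Anything else is 'unknown'.
    """
    if payload[:2] == b"\x16\x03":
        return "tls"
    if payload.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "http"
    if payload[4:8] in (b"\xffSMB", b"\xfeSMB"):
        return "smb"
    return "unknown"


def analyze(flow: Flow) -> List[str]:
    """Return behavioural findings for one flow (empty for benign-looking traffic)."""
    findings: List[str] = []
    where = direction(flow)
    proto = fingerprint(flow.payload)
    expected = EXPECTED_PROTO.get(flow.dport)
    if where == "outbound" and expected is None:
        findings.append(f"outbound to non-standard port {flow.dport} ({proto})")
    if expected is not None and proto not in ("unknown", expected):
        findings.append(f"protocol mismatch: {proto} on port {flow.dport} (expected {expected})")
    if where == "lateral" and proto == "smb" and flow.dst not in FILE_SERVERS:
        findings.append(f"lateral SMB to {flow.dst} outside the file-server allowlist")
    return findings


def blind_spots(flows: Iterable[Flow], monitored_ports: Set[int],
                monitored_directions: Set[str]) -> List[int]:
    """Indices of flows a monitor limited to these ports and directions never inspects."""
    return [i for i, f in enumerate(flows)
            if f.dport not in monitored_ports or direction(f) not in monitored_directions]


def triage(flows: Iterable[Flow]) -> Dict[int, List[str]]:
    """Map flow index to its findings, omitting flows with none."""
    result: Dict[int, List[str]] = {}
    for i, flow in enumerate(flows):
        findings = analyze(flow)
        if findings:
            result[i] = findings
    return result


# Constructed sample: one compromised workstation (10.0.0.23) plus background traffic.
SAMPLE_FLOWS = [
    Flow("10.0.0.23", "203.0.113.10", 6547, b"\x01\x00\x00\x00\x17\x9b"),     # C2 on an odd port
    Flow("10.0.0.23", "203.0.113.10", 443, b"GET /update.php HTTP/1.1\r\n"),  # cleartext on 443
    Flow("10.0.0.23", "10.0.0.41", 445, b"\x00\x00\x00\x40\xfeSMB\x40\x00"),   # workstation-to-workstation SMB
    Flow("10.0.0.23", "198.51.100.7", 443, b"\x16\x03\x01\x00\xc8\x01\x00"),  # ordinary TLS
    Flow("198.51.100.9", "10.0.0.80", 80, b"GET / HTTP/1.1\r\n"),              # ordinary inbound web hit
]

if __name__ == "__main__":
    for i, findings in triage(SAMPLE_FLOWS).items():
        print(i, findings)
    print("unseen by a port 80/443, north-south-only monitor:",
          blind_spots(SAMPLE_FLOWS, {80, 443}, {"inbound", "outbound"}))
```

Run stand-alone, the script flags the first three sample flows and reports that flows 0 and 2 (the odd-port beacon and the lateral SMB session) fall entirely outside what a port-80/443, north-south-only monitor inspects. None of the findings depends on a known-bad address, which is the design choice the IXESHE figure argues for: the infrastructure can change, but a cleartext HTTP request on port 443 or workstation-to-workstation SMB still looks wrong.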

Why All This Matters
Trend Micro predicted at the end of last year that 2014 would see one major breach incident a month, but that figure has already proven to underestimate the scale of the problem. Big-name US brands including Michaels, Neiman Marcus, Sally Beauty and eBay have all disclosed breaches so far this year.

The costs to these firms from investigation and remediation, financial penalties, lost revenue and brand equity, and possible litigation can run into the millions very quickly. As an example from a prior attack, EMC reported that the RSA Security breach may have cost as much as $66 million, while Wall Street analysts say retailer Target could eventually be out as much as $1 billion. Business impacts this severe should be focusing the minds of board members all over the world.

How to Detect and Respond to Targeted Attacks and Advanced Threats

Keeping your data, intellectual property and communications beyond the reach of attackers is not a one-size-fits-all exercise. Quite simply, you cannot respond to an attack or attack method that you cannot detect. Effective detection of targeted attacks and advanced threats therefore depends on two things: how broad your field of view is (which ports, protocols and traffic directions you can actually see) and how effectively you can recognize attack and attacker behaviour within that view.

Three attributes speak to why Trend Micro should be on your short list for solutions to detect and respond to targeted attacks:

Smart

  • Nowhere for attackers to hide: best-in-class detection across more than eighty protocols and applications, on every network port
  • Rapid detection: advanced algorithms and threat engines identify advanced malware, zero-day exploits, known threat attributes, command and control, attacker behaviour, lateral movement and other threat activity
  • Mirror image: easy-to-manage custom sandbox environments that match your gold-standard images, improving malware detection rates and foiling attacker evasion

Simple

  • Easy to Deploy: A single, purpose-built appliance…not one per protocol
  • Easy to Use: Single appliance with flexible form factors and network bandwidth options
  • No extra charges: Correlated threat intelligence without any recurring fees

Security that Fits

  • Intelligence sharing with SIEMs, gateways and other security infrastructure
  • No Heavy Lifting: Seamlessly fits into your network to monitor inbound, outbound and internal traffic


Learn more about how Trend Micro can help your organization detect and respond to targeted attacks.
