
Advanced Persistent Response Thwarts Malicious Digital Insider

  • Posted on:September 24, 2012 at 10:07 am
  • Posted in:Targeted Attacks
  • Author:Tom Kellermann

Mainstream media have repeatedly described the threat landscape as constantly evolving, with attacks becoming more sophisticated and the people behind them better equipped. This assertion, though certainly true, raises questions about how sophisticated these targeted attacks are, how a digital insider stays hidden, and how to mitigate these threats.

By now, we are all aware that traditional defences are no longer effective in addressing these threats. In fact, based on Trend Micro research, over 90 per cent of enterprise networks contain malware, with one new threat created every second. Enterprises are also besieged by other challenges such as:

  • Increasingly cloud-based IT environments, compounded by the increasing use of employee-owned mobile devices in the workplace.
  • Availability of cybercrime tools on the Internet, which makes them accessible to any potential attacker.
  • Cyber attacks initiated by organized crime gangs that are more sophisticated and precise than ever before.

The big problem, however, is not just that a digital intruder will attempt to control the network, but that it will propagate, exfiltrate data and keep its activities hidden. Its ability to evade detection, ultimately, is what makes these targeted attacks so problematic.

Digital Insiders: One Step Ahead of IT Admins

Digital insiders are aware of how IT administrators would respond to a possible data breach. Typically, administrators scout for exploitable vulnerabilities and for signs of communication with an unknown IP address. To circumvent their efforts, attackers may patch the vulnerabilities they used. This serves another purpose: patching vulnerabilities prevents other hackers from piggybacking on their efforts.

Digital insiders also move their command and control inside the ecosystem and impose a ‘sleep cycle’ to avoid easily detectable communication. They may reach out to an outside IP address only once in a while, as in the recent Ixeshe campaign. In the case of the recent Flashback Mac malware, the bad guys may use specialized techniques that prevent security researchers from performing malware analysis.

Thwarting Digital Insiders

This is a new breed of sophisticated threats that requires an advanced persistent response from organizations. To gain the upper hand, firms must be able to spot the unwanted intruder and constantly foil their efforts through:

  1. Correlating and associating cybercrime activities in the wild with what is happening on an enterprise’s network using big data analytics. This enables organizations to spot possible correlations between the two and gives them the information needed to create a concrete action plan.
  2. Multi-level rule-based event correlation, such as that featured in Trend Micro’s Deep Discovery. Given that these attackers are experts at keeping their activities hidden, this is a useful tool for identifying dubious activity inside an organization’s network, pointing out possible threat actors and monitoring their activities.

In other words, this requires organizations to increase their awareness of the activities on their networks and their ability to correlate events in order to thwart the digital insider’s malicious activities.
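The two ideas above, a ‘sleep cycle’ that keeps outbound contact rare, and correlating what is seen on the network with what is known from the wild, can be shown together in a small detection routine. The following is an added example written for this page; it is not Trend Micro code and is not how Deep Discovery works. The flow log lines, the threat-intelligence list `KNOWN_BAD_IPS`, the internal address range and the thresholds in `find_beacons` are all constructed for illustration. It groups outbound connections per internal host and external destination, flags pairs whose connections are infrequent but strikingly regular (a long sleep cycle with low jitter), and tags each finding with whether the destination also appears in the intelligence list.

```python
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed outbound flow records (not real traffic), one per line:
# "<ISO-8601 time> <src ip> <dst ip> <dst port> <bytes>"
SAMPLE_FLOWS = """\
2012-09-20T00:05:00 10.0.0.12 203.0.113.7 443 512
2012-09-20T06:04:50 10.0.0.12 203.0.113.7 443 498
2012-09-20T12:05:10 10.0.0.12 203.0.113.7 443 530
2012-09-20T18:04:55 10.0.0.12 203.0.113.7 443 505
2012-09-21T00:05:05 10.0.0.12 203.0.113.7 443 511
2012-09-20T09:00:00 10.0.0.33 198.51.100.20 80 14200
2012-09-20T09:00:03 10.0.0.33 198.51.100.20 80 9300
2012-09-20T09:01:40 10.0.0.33 198.51.100.20 80 22000
2012-09-20T10:30:00 10.0.0.33 198.51.100.20 80 3100
2012-09-20T11:00:00 10.0.0.12 10.0.0.5 445 8000
2012-09-20T11:00:30 10.0.0.12 10.0.0.5 445 8100
"""

# Constructed stand-in for an external threat-intelligence feed
# (the "activities in the wild" side of the correlation).
KNOWN_BAD_IPS = {"203.0.113.7"}

# Address space treated as internal; hypothetical for this example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_flows(text):
    """Parse the whitespace-separated flow lines into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "dst": dst,
            "port": int(port),
            "bytes": int(nbytes),
        })
    return flows


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_beacons(flows, min_conns=4, min_gap_s=3600, max_jitter=0.10):
    """Flag internal->external pairs that call out rarely but regularly.

    A pair is reported when it has at least `min_conns` connections, the
    mean gap between them is at least `min_gap_s` seconds (a long sleep
    cycle), and the gaps are nearly identical (relative standard deviation
    of the gaps at most `max_jitter`). Each finding is cross-referenced
    against KNOWN_BAD_IPS so network evidence and outside intelligence
    land in one record.
    """
    by_pair = defaultdict(list)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            by_pair[(f["src"], f["dst"], f["port"])].append(f["ts"])

    findings = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue
        jitter = statistics.pstdev(gaps) / mean_gap
        if mean_gap >= min_gap_s and jitter <= max_jitter:
            findings.append({
                "src": src,
                "dst": dst,
                "port": port,
                "connections": len(times),
                "mean_gap_s": mean_gap,
                "jitter": jitter,
                "intel_hit": dst in KNOWN_BAD_IPS,
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"{hit['src']} -> {hit['dst']}:{hit['port']} "
              f"{hit['connections']} connections, mean gap {hit['mean_gap_s']:.0f}s, "
              f"jitter {hit['jitter']:.3f}, threat-intel match: {hit['intel_hit']}")
```

On the constructed data, the host 10.0.0.12 contacts 203.0.113.7 roughly every six hours with only seconds of variation, so it is reported (and the intelligence match raises its priority), while the bursty browsing-like traffic from 10.0.0.33 and the internal SMB traffic are ignored. The point of the design is the one the post makes: neither signal alone is decisive, since a six-hourly check-in could be a legitimate update client and an intelligence hit could be stale, but correlating the two gives an analyst something concrete to act on.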

Read the full report How to Thwart the Digital Insider – an Advanced Persistent Response to Targeted Attacks.

Tags: APT, targeted attacks
