• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Current News   »   What Enterprise Leaders Should know about Persistent Threats in 2019

What Enterprise Leaders Should know about Persistent Threats in 2019

  • Posted on:January 31, 2019
  • Posted in:Current News, Security
  • Posted by:
    Trend Micro
0

Staving off critical threats in the current cybersecurity landscape is a tall order for any size organization. As hackers continually shift and improve upon their attack and breach strategies, IT and security stakeholders must do their best to keep up and remain informed of these trends. This is one of the best and most successful ways of staying ahead of the increasing wave of threats that impact businesses across industry sectors.

One particular security issue that’s come to light recently are persistent threats. Advanced persistent threats, or APTs, represent a category of their own, and attacks that fall under this umbrella can be especially damaging.

After delving through expert analysis, user behaviors, market trends and other resources, Trend Micro researchers have identified a few of the outstanding persistent threats that will emerge this year. Enterprise leaders that inform themselves and spread awareness of these security threats stand the best chance of safeguarding their company’s sensitive data, systems and intellectual property.

What is an APT?

As Trend Micro noted in its definition, APT is a term adapted from the military sector and applied to security to demonstrate threats carried out by attackers leveraging in-house tools. Because these approaches to attack and breach are not usually seen within the cybercriminal underground circles, they are unique and warrant their own classification.

However, as Trend Micro noted, APTs exist in a category of their own, and are different from persistent threats and targeted attacks. Where APTs are more sophisticated and leverage more original, in-house tools to support infection, persistent threats are those that use more recognizable and familiar strategies of attack. That’s not to say, though, that persistent threats aren’t a major security issue for enterprises.

In addition, the term “targeted attack” typically emerges in conjunction with the APT discussion. Although APTs can involve a specific target, there is a distinction to be aware of here.

“While targeted attacks also involve complex stages similar to APT. their targets are different; targeted attacks aren’t carried out by nation states,” Trend Micro’s definition stated. “Meanwhile, APTs are more sophisticated in nature and require deft knowledge and skills to execute. It is also typical of APT attacks to go after a country’s infrastructure, such as power grids, nuclear reactors, or fuel pipelines.”

This year, APTs as well as persistent threats will impact organizations and individual users alike. Let’s examine some of the threats outlined in Trend Micro’s new report, “Mapping the Future: Dealing with Pervasive and Persistent Threats,” as well as what these issues mean for today’s enterprise leaders.

APTs are their own unique type of attack.

Consumer threats: Social engineering and use of breached credentials

While business leaders may not be particularly concerned about threats that target individual consumers specifically, it’s important to have awareness of these, particularly if the organization operates within the tech or other advanced and highly-targeted sector. Consumer threats like those discussed in Trend Micro’s report may impact an organization’s client base or target audience. In addition, depending on the nature of the business, users may turn to the company as a trusted and authoritative source for information, awareness, tips and best practices. In this way, being informed and aware of consumer-targeted threats can benefit an enterprise.

Two issues to be aware of in this arena include a rise in social engineering attacks, and the fraudulent use of stolen credentials. As Trend Micro noted in its report, individual consumers will be hit with a considerably higher rate of social engineering attacks that leverage phishing techniques. Advanced threats like this prey on victims’ emotions, and utilize publicly available information to better tailor phishing messages and encourage successful intrusions.

Often, breaches center around data theft, including highly sensitive consumer information. News reports of millions of customers and their personal information being impacted by a breach are nothing new. But this year, experts predict a sharp rise in fraudulent activity connected with the theft of breached credentials.

“Breached credentials will be actively and heavily used in fraudulent transactions as cybercriminals take the next logical step after amassing data breach info dumps in past years: using these stolen credentials,” the report stated. “We will see cybercriminals signing up with stolen account credentials for mileage and rewards programs, and using them to register trolls for cyberpropaganda, manipulate consumer portals by posting fake reviews, or add fake votes to community-based polls — the applications are endless.”

As these types of instances of fraud increase, it can be helpful for organizations to put additional layers of vetting and verification in place for account set-up. Checking that an individual is who they claim to be can support more robust data security on the part of the organization and help reduce instances of fraud.

Automation and its impact on BPC

Business Process Compromise, or BPC, became a significant threat last year, wherein hackers breach certain business processes for profit. Trend Micro experts predict that this issue will not only continue this year, but will become heightened thanks to growing use of automation.

Automated software programs overseeing and managing key business processes will likely create increased opportunities for hackers to silently infiltrate. Making matters worse is the fact that this risk could travel up the supply chain and impact an organization’s vendors and partners as well.

In this way, it’s imperative for all automated systems to be properly vetting and strongly secured from the point of deployment to reduce the risk of BPC.

New players enter the APT arena

In addition to these robust predictions from Trend Micro’s report, security experts at Kaspersky Labs forecast a rise in APT activity, coming at the hands of newcomer threat actors. Reporting on Kaspersky’s predictions, Newsbytes noted that even novice individuals can now access resources to support successful APT attacks.

“The barrier to entry has never been so low, with hundreds of very effective tools, re-engineered leaked exploits and all kinds of frameworks, publicly available for anyone to use,” Newsbytes explained.

In particular, experts predict a rise in APT activity targeting organizations in South East Asia and the Middle East. Organizations inside and outside of these regions must be on the lookout for suspicious activity that can point to an APT attack, including the use of social engineering and zero-day vulnerabilities.

Safeguarding data in the age of persistent threats

In addition to these threats, Trend Micro also highlighted other security issues within its report, including:

  • Cybercriminals leveraging more advanced tactics to blend in and hide their malicious activity.
  • Rising exploit attacks being based on non-zero-day vulnerabilities.
  • APTs targeted industrial control systems heightening risks in essential service sectors.
  • Increasing risks to cloud software systems.

It’s imperative for enterprise leaders to aware of what’s on the horizon within the current and emerging threat landscape. Furthermore, stakeholders must work with their internal IT security leaders as well as their technology vendors to enable a proactive protection stance against these malicious tactics.

Check out Trend Micro’s report to learn more about the persistent threats that we’ll see this year.

Related posts:

  1. Advanced persistent threats are sophisticated but manageable
  2. Organizations must defend against advanced persistent threats
  3. TweetChat: Advanced Persistent Threats
  4. This Week in Security News: Instagram Hackers and Enterprise Threats

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.