The cyberthreat landscape is constantly evolving, as cybercriminals continue to find vulnerabilities to exploit. Advanced Persistent Threats (APTs) are a growing concern that businesses need to guard against. While these highly targeted attacks are not as common as more broadly targeted events, they are devastating when successful, exposing sensitive data that could ruin a business's reputation, not to mention causing compliance breaches. With the Work From Home (WFH) scenario now an ongoing reality for many organisations, it is critical to re-examine security strategy and controls to address potential gaps.
What is an APT?
“An APT is a set of stealthy and continuous computer hacking processes, typically orchestrated by criminals targeting a specific entity. These threats often include unknown and undocumented malware, including zero-day attacks. They are designed to be evolving, polymorphic and dynamic, and they are targeted to extract or compromise sensitive data, including identity, access and control information,” says Ashley Lawrence, Regional Sales Senior Manager – Sub-Saharan Africa at SonicWall.
The challenge with APTs is the very fact that they are advanced – meaning that they do not just use a single attack strategy, but multiple sophisticated and often innovative methods of breaching networks. They are also persistent, meaning that they continue to probe and attack until they are successful.
Once malware is inserted and established on the network, it can collect and exfiltrate data off the network, under the full control of the threat actor. Evidence of the APT attack is then removed, but the network remains compromised, which means the cybercriminal can return at any time.
Covid and the work from home scenario
The events of the past year, which forced many organisations to adopt a remote workforce, have extended corporate networks beyond the firewall and have placed new demands on IT infrastructure.
“APTs are not a new phenomenon, but incidents of such attacks have become more prevalent as cybercriminals look to leverage the current climate. Organisations need to ensure they are protecting themselves from all vulnerabilities, using security best practices, strategies and technologies. In addition, we need to ensure extra controls are in place to protect networks in the WFH, work-from-anywhere world,” says Simeon Tassev, QSA & MD at Galix.
Additional precautions are essential for safely establishing and maintaining a remote workforce, but many businesses and their employees were and are inadequately prepared. Cybercriminals have adapted their strategies to take advantage of the pandemic and vulnerable WFH IT connections, successfully capitalising on the situation.
“SonicWall Capture Labs discovered the first Covid-19 related exploit on the 4th of February 2020. It has now counted 20 Covid-19 related exploits in nearly every category, from Malware to Ransomware, Trojans and more. Most recently, we’ve learned that Chinese hackers stole information from Spanish centres working on Covid-19 vaccines. The latest SonicWall Cyber Threat Report offers a look at how cybercriminals shifted and refined their tactics, painting a picture of what they are doing amid the uncertain future that lies ahead,” adds Lawrence.
Defending against the threat
As always, it is vital to build a layered defence that starts at the network, moves down to the endpoint and then goes back up to the cloud. Firewalls remain a mainstay of security, protecting against 99% of threats today. However, when it comes to APTs and targeted attacks, a firewall alone is insufficient. Additional technology is required to find unknown threats, including advanced endpoint protection, network sandboxes and more.
“Businesses can look at deploying a technology called Capture Advanced Threat Prevention (Capture ATP) with Real-Time Deep Memory Inspection (RTDMI). Using these tools, files are checked against a list of ‘allow’ or ‘block’, and if they are not on this list, they are sent to either a Capture ATP Point of Presence (PoP) for examination by the cloud-based sandboxing technology, or to an organisation’s on-premise Capture Security appliance (CSa) for examination. This technology is designed to meet advanced threats, particularly newly-minted ransomware attacks that other solutions will not pick up on,” says Lawrence.
Simple steps are still essential
While APTs can cause catastrophic damage to businesses, they are not the only threat out there, nor are they the most common. Phishing remains the top attack vector, which makes phishing awareness training, backed by advanced email security, a top priority. The best defence is to block phishing emails before they even get to employees.
“Even with the right technology solution in place, it is essential to ensure employees are aware of phishing and other malware attacks and how to protect themselves. Education is key, along with other best practices such as effective passwords and two-factor authentication. Integrating layers of threat detection, including advanced security solutions that make use of AI and machine learning, along with simple security practices, can help organisations to protect themselves against the majority of threats today,” Tassev concludes.