Posts Tagged ‘APTs’
Thursday, July 25, 2013 @ 06:07 PM gHale
There has been an uptick in more sophisticated and targeted malware attacks over the last 24 months, a new survey said.
The most likely avenue for a malware attack, and cause for successful malware attacks, is lack of user knowledge about cyber security risks, according to a survey of 315 North American-based IT security professionals working at enterprise-class organizations (1,000 employees or more) sponsored by Malwarebytes and conducted by Enterprise Strategy Group (ESG).
The study found enterprise organizations are seeing an increase in more sophisticated malware and are making it a strategic priority to add new layers of endpoint security to protect their organizations against advanced Zero Day and polymorphic threats commonly used for targeted attacks.
“As cyber-attacks become more sophisticated, IT security professionals are realizing that relying on only one layer of endpoint security isn’t enough. Each endpoint needs multiple layers of malware detection to ensure complete protection,” said Marcin Kleczynski, chief executive of Malwarebytes. “The reality is, most antivirus products will miss nine out of 10 Zero Day malware threats, and having a layered approach blocks advanced threats that traditional antivirus scanners may fail to detect.”
The ESG report found the majority of respondents have seen an uptick in more sophisticated and targeted malware attacks over the last 24 months. However, 62 percent of organizations surveyed said endpoint security software is not effective for detecting Zero Day and/or polymorphic malware, which leaves them vulnerable to these attacks. Likely avenues for malware to compromise an organization’s system included employees opening an infected email attachment and unwittingly clicking on an infected URL while surfing the Web. Survey respondents indicated an employee clicking on an infected URL posted within an email was the most likely vector for malware to infiltrate their organizations.
For 57 percent of respondents, it took hours to detect that an IT asset had been compromised by malware. It took 19 percent of organizations several days to determine there had been an attack, and 29 percent of respondent organizations that have suffered a successful malware attack believe the increasing use of social networks is responsible for those attacks.
In addition, two-thirds of U.S.-based respondents do not believe the U.S. federal government is doing enough to help the private sector cope with the current cyber-security and threat landscape, and 85 percent of IT security professionals expressed concern about some type of massive cyber attack that could impact critical infrastructure, the economy and/or national security.
“When it comes to managing malware risk, enterprises would be best served by implementing a layered approach using proactive and reactive lines of defense through their networks. Antivirus software plays a key role in protecting organizations, but it should not be the only method used to deter malware attacks,” said Jon Oltsik, senior principal analyst at ESG. “Additionally, sometimes the biggest vulnerability in an organization is the computer users. Because employee actions can greatly impact computer security, educating employees on potential threats and how to avoid them should be made a priority.”
Thursday, July 25, 2013 @ 05:07 PM gHale
Senior executives are now becoming very aware of the cyber threat hanging over them with over 66 percent of the top brass concerned their companies will not be able to stop cyber threats, and one in five say their biggest concern is not knowing whether an attack is underway, a new survey found.
However, fears don’t always translate into fixes. Of those surveyed, 42 percent report not having an Incident Response Team in place, and nearly half (47 percent) said they are not making use of advanced malware analysis tools, according to the ThreatTrack Security report.
The independent blind survey of 200 C-level executives at enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in June 2013. The results highlight the opinions of CSO, CIO, CEO and CTO executives related to the cyber security practices of their companies.
At a time when advanced persistent threats (APTs), targeted attacks, Zero Day threats and other sophisticated malware have become profitable businesses for malware writers and cybercriminals, many large enterprises are still struggling with how to protect themselves.
It is especially telling that, according to the study, 97 percent of enterprises with annual security budgets over $1 million still report concerns they are vulnerable to malware attacks and cyber espionage tactics.
“Enterprises are facing an unprecedented surge of highly targeted and sophisticated threats that are designed to evade traditional malware detection technologies,” said Julian Waits, chief executive at ThreatTrack Security. “The only way to battle these threats effectively is with a combination of highly skilled cyber security professionals armed with the strongest malware analysis tools available. Companies that don’t employ the right mix of people, process and technology are making themselves excellent targets for the cyber bad guys.”
Key findings from the survey include:
• 69 percent of executives fear their organizations may be vulnerable to targeted malware attacks, APTs and other sophisticated cybercrime and cyber-espionage tactics.
• More than one in five enterprises (21 percent) said their biggest concern is not knowing whether an attack is taking place.
• 47 percent said their cyber defense does not include an advanced malware analysis tool, such as a malware analysis sandbox; 42 percent do not have a dedicated Incident Response Team employed.
• One third of the enterprises surveyed say they are aware of a targeted malware attack against their company, including 50 percent of financial services firms and 53 percent of manufacturing companies.
• 82 percent of financial services firms fret over APTs and sophisticated attacks, but only half of them employ an advanced malware analysis tool like a sandbox.
• 36 percent of enterprises said they are more concerned about losing proprietary intellectual property and trade secrets in a breach than about losing their customers’ personally identifiable information (such as credit card data, social security numbers or medical records).
Friday, February 22, 2013 @ 03:02 PM gHale
Even in today’s heightened digitally aware environment, companies remain unprepared to protect themselves against an emerging, relentless cyber security danger that threatens national security and economic stability, a new survey said.
Advanced persistent threats (APTs) are not easy to eliminate, which makes them different from traditional threats, according to global IT association ISACA. But an ISACA survey of more than 1,500 security professionals found 53 percent of respondents do not believe APTs differ from traditional threats.
This disconnect indicates IT professionals and their organizations may not be fully prepared to protect themselves against APTs, ISACA said.
“APTs are sophisticated, stealthy, and unrelenting,” ISACA International Vice President Christos Dimitriadis said. “Traditional cyber threats often move right on if they cannot penetrate their initial target. But an APT will continually attempt to penetrate the desired target until it meets its objective — and once it does, it can disguise itself and morph when needed, making it difficult to identify or stop.”
High-profile examples of APTs include the Google Aurora attack, disclosed in January 2010, and an attack on security, compliance, and risk management provider RSA in 2011. Although APTs are espionage tactics that often look to steal intellectual property, the Google Aurora and RSA attacks show these threats are not just facing government entities, the report said.
Although more than 70 percent of IT professionals surveyed said their organizations are able to detect APT attacks, and more than 70 percent said they are able to respond to APT attacks, their description of controls indicates a misunderstanding and lack of preparation, according to ISACA. The top controls enterprises use to stop APTs were anti-virus and anti-malware programs (95 percent) and network perimeter strategies such as firewalls (93 percent).
The difference is APTs can get around these types of defenses. “APTs call for many defensive approaches,” said ISACA Director Jo Stewart-Rattray.
APT hackers do use social media to learn information about employees of organizations. Then they send “spear phishing” emails that appear legitimate. Ninety percent of respondents in the ISACA survey said the use of social networking sites increases the likelihood of a successful APT attack.
While 22 percent of respondents said they suffered an APT attack, 63 percent said it is only a matter of time before their enterprise ends up targeted by an APT.
“We are only in February, and already we can declare 2013 as the year of the hack,” Tom Kellermann, vice president of cyber security for Trend Micro said in the news release. “… Enterprises are under attack, and they don’t even know it.”
Thursday, February 21, 2013 @ 05:02 PM gHale
Sophisticated attacks that once targeted the financial services industry are now going out to other critical sectors, while the bad guys are employing new tactics and technologies to avoid industry-standard security measures.
Does that mean bad guys don’t want to play by the rules?
There is a continued proliferation of password-stealing Trojans and advanced persistent threats (APTs) such as Operation High Roller and Project Blitzkrieg, and an expansion of their attacks to government, manufacturing and commercial transaction infrastructure targets, according to the report from McAfee.
“We are seeing attacks shifting into a variety of new areas, from factories, to corporations, to government agencies, to the infrastructure that connects them together,” said Vincent Weafer, senior vice president of McAfee Labs. “This represents a new chapter in cyber security in that threat-development, driven by the lure of financial industry profits, has created a growing underground market for these cybercrime weapons, as well as creative new approaches to thwarting security measures common across industries.”
Leveraging data from McAfee’s Global Threat Intelligence (GTI) network, the McAfee Labs team of 500 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analyzing and correlating risks, and enabling instant remediation to protect enterprises and the public.
In Q4 2012, McAfee Labs identified the following trends:
More threats, more availability, more industries targeted. As a group, unique password-stealing Trojans grew 72 percent in Q4 as cybercriminals realized user authentication credentials constitute some of the most valuable intellectual property stored on most computers. Now widely available, these Trojans are increasingly appearing within customized threats or combined with other “off-the-shelf” threats available on the Internet. Fourth quarter revelations around the Citadel Trojan suggest this Trojan’s information theft capabilities are going beyond the financial services sector.
Web threats shift from botnets to URLs. McAfee continued to see suspicious URLs replacing botnets as the primary distribution mechanism for malware. An analysis of web threats found the number of new suspicious URLs increased by 70 percent in Q4. New suspect URLs averaged 4.6 million per month, almost doubling the previous 2.7 million per month figure from the last two quarters. Ninety-five percent of these URLs were hosting malware, exploits or code designed specifically to compromise computers. The decline in the number of infected systems controlled by botnet operators stems in part from law enforcement efforts to bring botnets down, but perhaps more so from the declining appeal of the botnet business model.
Increase in infections beneath the OS. The volume of Master Boot Record-related malware climbed 27 percent to reach an all-time quarterly high. These threats embed themselves deep within the PC system storage stack, where standard antivirus solutions cannot detect them. Once embedded, they can steal user information, download other malicious software, or leverage the infected PC’s computing power to launch attacks against other PCs or networks. While these MBR attacks represent a relatively small portion of the overall PC malware landscape, McAfee Labs expects them to become a primary attack vector in 2013.
Malicious signed binaries circumvent system security. The number of electronically-signed malware samples doubled over the course of Q4. This indicates cyber criminals have decided that signing malware binaries is one of the best ways to circumvent standard system security measures.
Mobile malware continues to increase and evolve. The number of mobile malware samples discovered by McAfee Labs in 2012 was 44 times the number found in 2011, meaning 95 percent of all mobile malware samples appeared in the last year alone. Cyber criminals are now dedicating the majority of their efforts to attacking the mobile Android platform, with an 85 percent jump in new Android-based malware samples in Q4 alone. The motivation for deploying mobile threats is rooted in the inherent value of the information found on mobile devices, including passwords and address books, as well as new “business” opportunities that are not available on the PC platform. These opportunities include Trojans that send SMS messages to premium services, then charge the user for each message sent.
Thursday, December 6, 2012 @ 06:12 PM gHale
The rush of mobile devices entering corporate networks, advanced persistent threats and third-party application vulnerabilities are the primary pain points for IT professionals headed into 2013.
These are new and different issues; a few years ago they were not even a blip on the worry-meter.
One of the top concerns cited in the fourth annual report researched by the Ponemon Institute was the proliferation of personally-owned mobile devices in the workplace such as smartphones and tablets. Eighty percent of those surveyed said laptops and other mobile data-bearing devices pose a significant security risk to their organization’s networks.
With 13 percent stating they use stricter security standards for personal over corporate-owned devices and 29 percent reporting no security strategy for employee-owned devices at all, there is a clear disconnect between awareness and action.
These figures are quite different compared to the 2010 survey. At that time, nine percent of respondents said mobile devices were a rising threat. This year, 73 percent rank mobile as one of the greatest risks within the IT environment.
This year’s study also found IT professionals view third-party applications as a major security threat. In fact, 67 percent of those surveyed reported they viewed third-party applications as a significant risk – second to mobile security risk.
In previous years’ surveys, the server environment, data centers and operating system vulnerabilities were the primary concerns. With the proliferation of mobile devices, along with the wide range of software and removable media commonly used in today’s enterprise environment, IT practitioners increasingly worry about the attack vectors these third-party tools could bring into the corporate network.
In addition to mobile security risk, the security concern that represents the biggest headache for 2013 is advanced persistent threats (APTs). Whereas worms and less harmful viruses were a concern in earlier reports, today’s IT teams consider APTs and hacktivism a real, global threat.
Of those surveyed, 36 percent reported they viewed advanced persistent threats as a “significant” threat to their environments while just 24 percent of respondents held this view last year. In addition, 12 percent of those surveyed this year stated current anti-virus/anti-malware technology is very effective in protecting their IT endpoints from today’s malware risk.
“Once again, we found the changing security terrain is preventing the state of endpoint security from improving,” said Dr. Larry Ponemon, chairman and founder, the Ponemon Institute.
“With the rise of hacktivism and advanced persistent threats, along with the sheer number of malware incidents we are seeing today, IT simply cannot keep up with the bad guys,” he said. “Add to this fact that end-users are furthering the complexity of the IT environment by bringing in mobile devices and downloading third-party applications — causing risk to exponentially proliferate. IT simply must take further action before the risk is beyond their control.”
Over 670 IT and IT security practitioners took part in this year’s study. Of those, 77 percent were in organizations with a headcount of more than 1,000 and 66 percent were in a supervisory role or higher. These professionals spanned key industries including financial services, the public sector and healthcare.
Monday, October 29, 2012 @ 12:10 PM gHale
A new generation of advanced persistent threats (APTs) forced McAfee to update its Endpoint Security platform.
In the ever-changing and dynamic environment of cyber security, the company said the update would better equip systems to block highly sophisticated attack techniques, such as the use of master boot record (MBR) sabotage techniques and the use of Zero Day flaws for intrusion attempts.
The update would look to not only expand the scope of protections for Endpoint Security, but also the new form factors, said Candace Worley, senior vice president and general manager of Endpoint Security for McAfee.
“We believe that the endpoint has to become more dynamic and context-aware,” Worley said.
“Devices are becoming more diverse, you have everything from a laptop and desktop to a tablet form factor.”
In addition to the MBR protections introduced, McAfee is updating the Enterprise Mobility manager to add support for iOS 6 devices and adding to the whitelisting protections on the McAfee Application Control administrator tool.
Encryption is also a priority in the update. The company said it would be updating the Endpoint Encryption platform to support PC and Mac OS X systems. The update will include the use of new encryption algorithms from Intel which allow for faster encryption and decryption of data.
In addition to security enhancements, the company said the new Endpoint Encryption would simplify the process of managing and updating systems required to have encryption. By integrating the tool with the company’s ePolicy Orchestrator Deep Command console, administrators will be able to remotely access and patch end user systems without the need to enter credentials.
“If you have a full-disk encryption product and you power those systems off at night you need a body to type in that password to decrypt it and that is problematic,” Worley said. “This really addresses that case.”
Tuesday, September 25, 2012 @ 03:09 PM gHale
As the SCADA market continues to add connectivity into control devices, Wurldtech Security Technologies and Oulu, Finland-based Codenomicon are extending their partnership to the Asia Pacific markets, focusing on China, Taiwan, Korea, Japan and Southeast Asia.
As the SCADA environment adds more connectivity, including new telecommunications and mobile capabilities, the need to protect these devices from advanced persistent threats (APTs) continues to grow.
Vancouver, Canada-based Wurldtech and Codenomicon extended their partnership to provide Asia Pacific device manufacturers with additional testing tools to increase the robustness of their products.
“As cyber security threats evolve, device manufacturers from around the world are seeking innovative solutions to bolster their development processes,” said Wurldtech Chief Executive Neil McDonnell. “Our partnership with Codenomicon provides Asia Pacific developers with a streamlined channel to Wurldtech products enabling us to continue to build our global presence.”
Wurldtech named Codenomicon as an authorized distributor for its Achilles test products, including the Achilles Test Platform and Achilles Test Software. Through this partnership, Codenomicon customers will have access to a new set of test tools for SCADA-specific protocols and Wurldtech will extend its reach into the Asia Pacific market.
“The Wurldtech Achilles Test products provide our customer base with an expanded line of process-control security options,” said Codenomicon Chief Executive David Chartier.
Wurldtech and Codenomicon have worked together to provide comprehensive robustness testing tools for mission critical embedded devices. With optional Codenomicon Defensics software running on the Achilles Test Platform, Wurldtech offers users testing of additional IT protocols.
Achilles Test products provide tools to developers of mission critical connected and SCADA devices to test critical software during the early development lifecycle.
By proactively exposing and correcting vulnerabilities and validating system resiliency in a real-time environment, manufacturers are able to secure products before they release and deploy in process control networks.
Friday, July 13, 2012 @ 09:07 AM gHale
By Nicholas Sheble
“APTs (advanced persistent threats) are not a ‘what,’ but a ‘who,’” said Daniel Teal, the chief technology officer at CoreTrace. “It’s particular people who are after you, your products, or what you know, your information.”
“They have resources, expertise, and the time to get you.” APTs have delivered the famous cyber attacks that are familiar in the mainstream like Stuxnet, Aurora, Night Dragon, and others.
An advanced persistent threat (APT) is a cyber threat or cyber attack where the hacker has the ability to evade detection and the capability to gain and maintain access to well-protected networks and the sensitive information in them.
The hacker is adaptive and well resourced. The persistent nature of the threat makes it difficult to prevent access to one’s computer network and, once the threat actor has successfully gained access to one’s network, very difficult to remove.
The hacker has not only the intent but also the capability to gain access to sensitive information stored electronically. ISSSource has reported before on APTs and the website contains an informative white paper on them.
Beyond discussing the objectives of APTs, Teal spoke Thursday during a company webinar entitled “Combating Advanced Persistent Threats: The Case for Application Whitelisting-based Solutions,” about potential targets, what the primary weapons include (like memory attacks), and the best solutions to stave off such attacks.
One of those methods includes a compelling case for application whitelisting-based advanced threat protection platforms.
Application whitelisting is a concept whereby only authorized applications can run on the network and its nodes. So rather than searching out malware using antivirus software, the system blocks everything — except those functions that the user designates to run.
The anti-malware value of this technique rests on the assumption that malware never gets on the whitelist. As long as the whitelist remains malware-free, malware cannot run. Teal said whitelisting can stop all APTs.
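The whitelisting concept described above, as an added illustration that is not code from CoreTrace or from the original article: a minimal hash-based application allowlist. Approved executables are enrolled by SHA-256 digest, and a file may run only if its current digest is on the list. The example also contrasts this with a weaker path-only policy to show why the list must identify content rather than location: a trusted path whose contents are replaced is denied by the hash policy but still allowed by the path policy. The file names, contents and temp directory are constructed for the demonstration.

```python
"""Hash-based application allowlist check (added illustration, not CoreTrace code).

The allowlist maps SHA-256 digests of approved executables to the path they
were enrolled from. Execution is allowed only if the file's current digest is
on the list, so a tampered or replaced binary is denied even under a trusted
path. Sample files are constructed in a temporary directory.
"""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB chunks so large binaries stream


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(paths):
    """Enroll trusted binaries: digest -> path it was enrolled from."""
    return {sha256_file(p): str(p) for p in paths}


def allowed_by_hash(allowlist, path):
    """Content-based policy: allow only if the current digest was enrolled."""
    return sha256_file(path) in allowlist


def allowed_by_path(allowlist, path):
    """Weaker location-based policy: allow if the path was enrolled, whatever it now contains."""
    return str(path) in allowlist.values()


def demo():
    """Enroll a constructed tool, then test an unknown file and a replaced file."""
    tmp = Path(tempfile.mkdtemp())
    tool = tmp / "tool.bin"
    tool.write_bytes(b"#!/bin/sh\necho hello\n")  # constructed "approved" program
    allowlist = build_allowlist([tool])

    # Unmodified enrolled file: both policies allow it.
    before = {"hash": allowed_by_hash(allowlist, tool),
              "path": allowed_by_path(allowlist, tool)}

    # Unknown file dropped beside it: neither policy allows it.
    dropper = tmp / "dropper.bin"
    dropper.write_bytes(b"#!/bin/sh\necho unexpected\n")  # constructed, never enrolled
    unknown = {"hash": allowed_by_hash(allowlist, dropper),
               "path": allowed_by_path(allowlist, dropper)}

    # Trusted path overwritten with different content: the hash policy
    # denies it, the path-only policy still lets it run.
    tool.write_bytes(b"#!/bin/sh\necho replaced\n")
    tampered = {"hash": allowed_by_hash(allowlist, tool),
                "path": allowed_by_path(allowlist, tool)}

    return {"before": before, "unknown": unknown, "tampered": tampered}


if __name__ == "__main__":
    for stage, result in demo().items():
        print(stage, result)
```

A production enforcement point would sit in the OS execution path rather than in a user-space script, and the allowlist itself must be protected from writes by anything other than the enrollment process; otherwise the assumption in the text, that the list stays malware-free, no longer holds.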
Nicholas Sheble (firstname.lastname@example.org) is an engineering writer and technical editor in Raleigh, NC.