The number of spear-phishing campaigns grew a dramatic 91 percent in 2013 according to this year’s Internet Security Threat Report. With cyber attacks, it’s not a matter of if, but when an attack will occur. Without complete visibility into your environment and the current threat landscape, it’s easy to be blindsided by an attacker and have security incidents to go undetected. Organizations need to build a cyber-resilient strategy to protect sensitive data from targeted attacks and advanced persistent threats.
What are Advanced Persistent Threats?
An advanced persistent threat (APT) is a targeted attack that uses multiple phases to break into a network, avoid detection, and harvest valuable information over the long term. The fact that APTs are often aimed at stealing intellectual property suggests new roles for cybercriminals as information brokers in industrial espionage schemes. This is how it works:
- Reconnaissance - Cybercriminals gather information about the company they want to infiltrate and employees to target through social engineering.
- Weaponization/Delivery– Most of your employees can spot an obvious phishing email when they see one and will delete it before it causes any damage. But what about one that’s not so obvious? An email that has been carefully designed to look legitimate may seem legitimate – but one click could put your company’s data at risk. For example, attackers could send emails to specific employees posing as the company IT department prompting them to change their password. The email looks legitimate, so your employee clicks on the URL unaware that they’ve just exposed the company to a malware attack. The link was created by the attacker to be passed around the world through multiple redirects to evade detection from traditional email security filters – ending up on a fake website that looks just like your company website. Malware from the malicious site infects the employee’s computer, exploiting a known (or unknown) vulnerability.
- Exploitation/Installation– Now that the cybercriminals have open access to this system, they launch more malware to find other vulnerabilities within the network that have access to your company’s private data. The attackers stay “low and slow” to avoid detection and they map the organization’s defenses from the inside to create a battle plan.
- Command and Control– The cybercriminals can remain undetected for months, deploying multiple parallel kill chains to ensure success. They expand their access to other internal systems and may also install malware to secretly acquire data or disrupt operations. It’s all about remote control, the ability to weave an infected node into a network of information acquisition.
- Exfiltration– Valuable information about your company or employees is sent back to the attack team’s home base for analysis and further exploitation fraud – or worse. Your company’s own network can even be used to attack someone else, and you’ll be blamed for it!
You need information to protect your information. Symantec recommends building a cyber-resilience strategy -- fueled by security intelligence -- to help you safeguard your organization from APT. This will help you:
- Avoid being blindsided by an attack by using the power of big data. The Symantec security intelligence solutions analyze unfiltered alerts, external threat intelligence, and traffic patterns for malicious activity. We correlate and find trends for you so you can be proactive and not purely reactive.
- Create a security-aware and enabled workforce. You’re only as secure as your weakest link. Create a comprehensive strategy across people, technology, and processes.
Symantec intelligent security solutions are the cornerstone to a cyber-resilient strategy. To learn more, join us at Symantec Vision.