Channel: Symantec Connect - Blog Entries

It’s Only Zeus, Don’t Worry… or Should You?

Asymmetric cybercrime: the unconventional use of conventional malware

According to Symantec’s 2015 Internet Security Threat Report, Vol. 20, attackers are exploiting vulnerabilities more rapidly than companies can defend against them, indicating a higher level of sophistication from cybercriminals. Enterprises now face adversaries who are adapting tactically, not just technically, to circumvent defenses.

“It’s the natural reaction of a determined and intelligent adversary,” says Jon DiMaggio, Chief Analyst, DeepSight Managed Adversary and Threat Intelligence (MATI) team. “Tactical innovation is about going around the problems of a victim’s defenses, rather than trying to go through it.”

The result of this attack trend is known as an asymmetric cybercrime threat.

Asymmetric Cybercrime Threat

Simply defined, asymmetric cybercrime is the employment of conventional malware in unconventional ways against a stronger target. It’s like guerilla warfare: cybercriminals use commodity malware (malware that is readily available and widely used) to try to blend in with all the threat “noise” as they attack organizations that are usually larger.

And traditional cyber threat intelligence is losing the battle against these nimble, innovative, and determined adversaries.

“Technical indicators from sensors are necessary, but not sufficient to address the threat posed by these attackers,” says DiMaggio. “Without combining technical knowledge of malware and command-and-control infrastructure with intelligence on the plans and intentions of adversaries, it's impossible to proactively defend against the unconventional tactics that they will employ.”

It’s only the Zeus malware; no need to drop everything, right?

Wrong.

Zeus, or Zbot, is one of the largest botnets and malware packages on the Internet, and it’s a common favorite of these asymmetric threat adversaries. Organizations can see thousands of Zbot detections a day. Because there’s so much “noise” with commodity malware, there’s a good chance the victim will not look into the threat sufficiently to notice when it’s targeted against them. These attackers can then steal what they need without being discovered, or without being discovered until it’s too late.

Leveling the Playing Field - DeepSight Managed Adversary Threat Intelligence (MATI)

“Enterprises should weigh the importance of attack actors associated with threats as heavily as they do network and file-based technical indicators,” advises DiMaggio. “Satisfying requirements for that attack actor information should be a key component of how enterprises assess the value of their intelligence sources whether internal, open source, or commercial.”

However, many organizations lack the staff and resources to obtain that threat intelligence.

DeepSight’s Managed Adversary Threat Intelligence (MATI) reporting provides enterprises with a deep level of actionable intelligence and insights on asymmetric cybercrime threats.

“Symantec combines the unique attack surface visibility that we have through the world's largest private sensor network with a proactive actor intelligence capability that we've built with a team experienced in intelligence operations and cybersecurity,” says DiMaggio.

Key benefits include:

  • Ability to predict the lifecycle of threats (early warnings) based on monitoring

  • Focus on the identity and motivation of attackers

  • Strategic and tactical intelligence to support executives, threat analysts, and network defenders

  • Leading (vice lagging) indicators

  • A highly experienced Symantec team of intelligence analysts

“We don't just deliver actor intelligence that is interesting; we combine it with technical attack data to make it relevant to our customers who need to know if they are a potential target based on their industry, geography, IT dependencies on other organizations, or association with newsworthy events,” explains DiMaggio. “We deliver this intelligence across a range of threats: cyber espionage, crime, and hacktivism.”

DeepSight’s MATI reporting combines attack actor information with technical data to give enterprises a proactive stance before and after the threat occurs.

Symantec’s Managed Adversary and Threat Intelligence (MATI) team of intelligence analysts is dedicated to understanding the adversary ecosystem, providing insightful reports on adversary plans, tactics, tools and attack campaigns. Overall, the MATI team empowers organizations with actionable insights to better prepare for, identify and combat their adversaries.

In the upcoming months, DeepSight’s MATI team will be publishing a series of blog articles offering further insights on the changing threat landscape.

Stay tuned!

For additional insights, read: Forrester Report for Security & Risk Professionals: Use Actionable Threat Intelligence To Protect Your Digital Business

Learn more at Symantec DeepSight Intelligence: https://www.symantec.com/deepsight-products/
