
FireEye

Next-generation threats have changed radically from just a few years ago. Advanced malware has replaced the broad, scattershot approach of mass-market malware designed for mischief. Most of today’s attacks are targeted to get something valuable—sensitive personal information, intellectual property, authentication credentials, insider information—and each attack is often multi-faceted, requiring at least two stages: one to get in, one to get the valuables out.

New Status Quo: Advanced Persistent Threats, Zero-Day, Targeted Attacks

Traditional protections, like traditional and next-generation firewalls, intrusion prevention systems, antivirus and Web gateways, only scan for the first move, the inbound attack. These systems rely heavily on signatures and known patterns of misbehavior to identify and block threats. This leaves a gaping hole in network defenses, which remain vulnerable to zero-day and targeted advanced persistent threat (APT) attacks. Consider, for example, the time lag in signature development: a signature can only be written once the vulnerability has been disclosed or the attack has spread widely enough to catch the attention of researchers. Malicious code is typically identified over the course of a few days as it spreads, and polymorphic code tactics counter-balance the effect of signature-based removal even then. Signatures are a reactive mechanism against known threats. If an attack stays below the radar, the malware is missed completely and the network remains vulnerable, especially to zero-day, targeted APT malware. No matter how malicious the code is, if signature-based tools haven’t seen it before, they let it through.

Advanced persistent threats break right through traditional security

Heuristic-based protection alone has not proven to be operationally effective. These tools use rough algorithms to estimate suspicious behavior, generating lots of false alerts. While heuristic techniques have merit, the true-positive to false-positive ratio (the signal-to-noise ratio) is too low for a cost-effective ROI. The false positives clutter up security event logs, and real-time blocking based on heuristic alerts is simply not an option. Administrators often “dumb down” the available heuristics to catch only the most obvious suspicious behavior, and multi-stage targeted attacks don’t trip this coarse-grained filter.

Cyber criminals have figured out how to evade detection by traditional defenses. Using toolkits to design polymorphic threats that change with every use, move slowly, and exploit zero-day vulnerabilities, the criminals have broken in through the hole left by traditional and next-generation firewalls, IPS, antivirus and Web gateways. This new generation of organized cybercrime is persistent, capitalizing on organizational data available on social networking sites to create very targeted ‘phishing’ emails and malware targeted at the types of applications and operating systems (with all their vulnerabilities) typical in particular industries.

Once inside, advanced malware, zero-day and targeted APT attacks will hide, replicate, and disable host protections. After it installs, it phones home to its command and control (CnC) server for instructions, which could be to steal data, infect other endpoints, allow reconnaissance, or lie dormant until the attacker is ready to strike. Attacks succeed in this second communication stage because few technologies monitor outbound malware transmissions. Administrators remain unaware of the hole in their networks until the damage is done.

APTs can be characterized by the attackers’ quest to gain long-term control of compromised computer systems. Whether attackers use viruses, Trojans, spyware, rootkits, spear phishing, malicious email attachments or drive-by downloads, their malware enables either simple disruption or long-term control of compromised machines. APTs can be nation-state or rogue actors using completely unknown malware, or buying access to systems previously compromised with known malware installed through social engineering, spear phishing, or drive-by downloads.
