A paradigm shift is occurring regarding APT (the advanced persistent threat: a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period of time).
What kind of threat is
Everyone says it’s external: foreign adversaries or competitors trying to break in. We have to differentiate between the source of the threat and the cause of damage. The source of advanced threats
Look at the CEO causing damage by opening the attachment from his son’s high school. Think about the laptops or cell phones that executives carried while traveling overseas. Those laptops were then brought back into the company, and that is what allowed the organization to be compromised. The cause of damage is the insider threat.
When I say, “insider threat,” I’m not referring to deliberate malicious insiders. I am talking about the person who inadvertently causes harm without even realizing. It’s the accidental insiders that we’re concerned about.
This distinction is important because many companies believe that it’s all external. They buy all this new gear to build up perimeter security against the external threats coming in.
Let’s break this down into the fundamental pieces of an attack. The good news is that the general characteristics of how advanced threats work are common: there’s a set DNA structure for how these advanced threats operate. The bad news is
Basically, any threat out there has these general characteristics:
- They’re going to target an individual.
- They’re going to deliver a payload to that system.
- They’re going to upload files to the system.
- They’re going to run a process and survive a reboot.
Next is longevity. They don’t want to be on your system for an hour; they want to be on your system for 10 years. They’re going to make an outbound connection known as a C2 or C&C (command and control) channel. That’s an encrypted channel leading back out to the Internet, i.e. back to the adversary. They’re then going to perform internal recon and pivot deeper and deeper into the network. Basically, they get an entry point, set up what we call a B channel, and go deeper into the environment.
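The command-and-control channel described above is the one attack characteristic that a defender can see from the outside without touching the endpoint: an implant checks in on a timer, so its outbound connections are far more regular than a person’s browsing. The following script is an added example, not code from the original post or from Secure Anchor; it runs a simple beacon check over a constructed set of outbound connection records (hostnames, addresses and timestamps are all made up) and flags any host/destination pair whose connection intervals have very low jitter.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records (hypothetical data, not from any
# real network). Each record: (ISO timestamp, source host, destination "ip:port").
SAMPLE_CONNECTIONS = [
    # ws-ceo-01 reaches the same destination every ~5 minutes with only seconds of jitter
    ("2024-01-08T09:00:00", "ws-ceo-01", "203.0.113.10:443"),
    ("2024-01-08T09:05:02", "ws-ceo-01", "203.0.113.10:443"),
    ("2024-01-08T09:09:58", "ws-ceo-01", "203.0.113.10:443"),
    ("2024-01-08T09:15:01", "ws-ceo-01", "203.0.113.10:443"),
    ("2024-01-08T09:19:59", "ws-ceo-01", "203.0.113.10:443"),
    ("2024-01-08T09:25:00", "ws-ceo-01", "203.0.113.10:443"),
    ("2024-01-08T09:30:03", "ws-ceo-01", "203.0.113.10:443"),
    ("2024-01-08T09:34:57", "ws-ceo-01", "203.0.113.10:443"),
    # ws-eng-04 visits a site at irregular, human-driven intervals
    ("2024-01-08T09:00:00", "ws-eng-04", "198.51.100.7:443"),
    ("2024-01-08T09:00:12", "ws-eng-04", "198.51.100.7:443"),
    ("2024-01-08T09:03:40", "ws-eng-04", "198.51.100.7:443"),
    ("2024-01-08T09:11:05", "ws-eng-04", "198.51.100.7:443"),
    ("2024-01-08T09:11:09", "ws-eng-04", "198.51.100.7:443"),
    ("2024-01-08T09:25:30", "ws-eng-04", "198.51.100.7:443"),
    ("2024-01-08T09:40:00", "ws-eng-04", "198.51.100.7:443"),
    # too few connections to judge either way
    ("2024-01-08T09:02:00", "ws-eng-04", "192.0.2.50:80"),
    ("2024-01-08T09:32:00", "ws-eng-04", "192.0.2.50:80"),
]


def group_timestamps(records):
    """Group connection times by (source host, destination), sorted chronologically."""
    groups = defaultdict(list)
    for ts, src, dst in records:
        groups[(src, dst)].append(datetime.fromisoformat(ts))
    return {key: sorted(times) for key, times in groups.items()}


def find_beacons(records, min_connections=6, max_jitter=0.1):
    """Return (src, dst) pairs whose connection intervals are suspiciously regular.

    jitter = standard deviation of the intervals / mean interval. A timer-driven
    check-in produces a low ratio; human-driven traffic produces a high one.
    """
    findings = []
    for (src, dst), times in group_timestamps(records).items():
        if len(times) < min_connections:
            continue  # not enough samples to call the pattern periodic
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue  # all connections at the same instant: not a beacon pattern
        jitter = pstdev(intervals) / avg
        if jitter <= max_jitter:
            findings.append({
                "src": src,
                "dst": dst,
                "connections": len(times),
                "mean_interval_s": round(avg, 1),
                "jitter": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_CONNECTIONS):
        print(f"possible beacon: {hit['src']} -> {hit['dst']} "
              f"every ~{hit['mean_interval_s']}s, jitter {hit['jitter']}")
```

On the constructed data only the executive workstation is reported (about every 300 seconds, jitter near 1%). In practice the thresholds need tuning per environment, since legitimate software update checks and monitoring agents also beacon on a timer; the value of the check is that it gives you a short list of host/destination pairs to explain rather than a stream of raw connections.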
If companies continue to fix the wrong vulnerabilities, they will continue to get breached. Take a closer look at your
For more tips on staying safe in cyberspace, keep checking out my blogs or follow me on Facebook, Twitter, or LinkedIn. For your own company’s security assessment or any other questions or concerns, reach out to me at secure-anchor.com/contact.