Infotech Lead India: In response to the growing number of targeted attacks on networks, enterprises are investing in security defenses, says the latest Trend Micro-sponsored Enterprise Strategy Group (ESG) study.
However, their efforts are insufficient to curb these attacks as security researchers continue to find successful APT campaigns inside corporate networks.
According to the study, nearly 40 percent of large organizations have invested in new security defenses to respond to Advanced Persistent Threats (APTs).
The study shows there is a discrepancy between how enterprises perceive targeted attacks and how these campaigns unfold in real-world scenarios. Given the pivotal role of C&C communications in a targeted attack, proactively detecting malicious C&C traffic is an important element in exposing APTs, Trend Micro said.
APTs are a category of threat that refers to computer intrusions by threat actors that aggressively pursue and compromise specific targets.
“High-profile APTs in the past could have been discovered if security groups monitored malicious network communications,” said Sharda Tickoo, PMM, Trend Micro India.
Threat actors use social engineering and malware to enter a network, after which they move laterally throughout the network to extract sensitive information. In an APT campaign, keeping the communication channel between the compromised machine and the threat actor’s C&C server open is crucial for the success of targeted attacks.
An APT campaign, or targeted attack, is segmented into six stages: intelligence gathering, point of entry, command-and-control (C&C) communications, lateral movement and persistence, asset/data discovery, and data exfiltration.
These C&C channels allow threat actors to confirm a system breach, obtain information about the targeted network, send commands to the malware within the compromised network, and instruct the compromised PC to download “second stage” malware and the tools used for lateral movement.
Targeted attacks take advantage of unknown malware. The ability to identify anomalous network traffic indicative of these kinds of attacks constitutes a crucial part of any sound APT defense. Given the highly targeted and persistent nature of APT campaigns, an APT defense framework must enable the network to identify and assess threats in real time.
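As an added illustration of the C&C-traffic monitoring the article calls for (this code is not from the ESG study or Trend Micro), the following Python script scans constructed proxy-log lines for client-to-destination pairs that check in at a near-constant interval with near-constant sizes, the beaconing shape of malware polling its C&C server rather than of a person browsing. The log format, the hostnames and the thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not real traffic): timestamp, client, destination host, bytes sent.
SAMPLE_LOG = """\
2024-01-15T09:00:00 10.0.0.5 update.example.com 512
2024-01-15T09:00:03 10.0.0.5 cdn.example.org 48213
2024-01-15T09:05:00 10.0.0.5 update.example.com 510
2024-01-15T09:07:41 10.0.0.5 mail.example.org 2310
2024-01-15T09:10:00 10.0.0.5 update.example.com 514
2024-01-15T09:15:00 10.0.0.5 update.example.com 511
2024-01-15T09:16:12 10.0.0.5 cdn.example.org 90012
2024-01-15T09:20:00 10.0.0.5 update.example.com 513
2024-01-15T09:31:55 10.0.0.5 cdn.example.org 31000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")  # assumed log layout

def parse_log(text):
    """Group log lines into {(client, dest): [(timestamp, bytes), ...]}; skip malformed lines."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, dest, size = m.groups()
        sessions[(client, dest)].append((datetime.fromisoformat(ts), int(size)))
    return sessions

def beacon_candidates(sessions, min_hits=4, max_jitter=0.1, max_size_spread=0.2):
    """Flag pairs whose connections recur at a steady interval with steady sizes.
    Thresholds are illustrative; tune them against the environment's baseline."""
    findings = []
    for (client, dest), events in sessions.items():
        if len(events) < min_hits:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        sizes = [size for _, size in events]
        if mean(gaps) == 0:  # all hits in the same second: not a timed beacon
            continue
        # Coefficient of variation: low for regular check-ins, high for interactive traffic.
        gap_cv = pstdev(gaps) / mean(gaps)
        size_cv = pstdev(sizes) / mean(sizes)
        if gap_cv <= max_jitter and size_cv <= max_size_spread:
            findings.append({"client": client, "dest": dest, "hits": len(events),
                             "interval_s": round(mean(gaps)), "gap_cv": round(gap_cv, 3)})
    return findings
```

Running beacon_candidates(parse_log(SAMPLE_LOG)) returns a single finding for update.example.com, which the sample log contacts every 300 seconds with payloads of nearly identical size, while the irregular cdn and mail traffic is not flagged.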