Is APT Targeted Attack Really Scary?
Targeted APT attacks that appear in the media are often described as a type of advanced attack that seems to be impossible to prevent or detect. Besides, with the support of the media has played a big role in painting and making APT a lot scarier than it really is.
Any article describing a cyberattack involving a zero-day vulnerability, the media will immediately label it with names like "premium attack" or "targeted attack". APT target".
However, for those who are really working and researching in the field of information security, the zero-day vulnerability is not a secret and is not a "doomsday" vulnerability. Zero-day vulnerabilities present in popular software and platforms (e.g. Windows, Android, iOS, etc.) are being traded every day openly or secretly by security researchers. Getting a zero-day vulnerability isn't hard either; The question is how much the target audience is willing to pay.
The attack techniques used today by the majority of APT attack groups are not new and the exploited vulnerabilities are already patched (they are not zero-day). In addition, current security technologies and solutions can detect and reduce the risk of installing spyware.
For the most part, today's cybersecurity attacks often deserve the title of Persistence because it involves a very well coordinated and coordinated attack plan, plus patience in selecting the attacks. important goal. Only a handful of attacks deserve to be called advanced or breakthrough in attack technique.
APT is not as scary as people think if one understands the attack methods, vulnerabilities and exploitation techniques used. There are already quite a few security processes, technologies, and measures in place to mitigate the risks posed by APT attacks regardless of whether the attack comes with a zero-day vulnerability or not.
Does the current security design help reduce the risk of APT targeted attacks?
For a long time, organizations have bet too much on preventive security mechanisms even though these mechanisms keep failing year after year. Cybersecurity attacks still happen every day around the world despite the use of hundreds of different security mechanisms.
It is a sign that the way we think about attack and defense must change. Let's face it, to bypass common security measures like firewalls, anti-virus programs, or IDS/IPS solutions is quite simple and requires little effort from an attacker. .
However, the above security solution providers have exaggerated the features of this product and it gives the impression that an organization's system will not be able to survive a day on the Internet without security products. there.
According to security consulting firm E-CQURITY (ECQ), defending against any APT or complex attacks requires careful planning and building of a security architecture based on following a defense-in-depth strategy. Multilayer defense requires building appropriate defense mechanisms for all important layers of an information system: Network (Network), System/Operating System (Host/OS) , Application, and Data.
The goal of any attacker is to gain access to the Data layer. The Data Layer normally contains important information that needs to be kept secure. But unfortunately, although the Data layer is important, it is often given little attention and not as many security measures compared to the Network and the Operating System.
When a cybersecurity architecture has an unbalanced security design and uneven implementation, it's only a matter of time before a smart attacker can uncover the weakest point in the association. interconnection between layers and easily penetrate deep into the inner networks and can reach the important data layer.
Defense in depth and layered is a security strategy that requires each information system layer to have all the necessary security elements. The idea behind a multi-layered cybersecurity design is to ensure If a security solution does not work or is bypassed, another security mechanism will be substituted to slow or stop the attack and prevent it from progressing any further. The design of the security architecture of organizations often gets so caught up in "Prevention" or "Prevention" that they forget other important elements of security such as "Detect" and "Response". ".
"Detection" is a security mechanism that helps to immediately recognize an attack when it just happened and "React" in the shortest time to achieve the best effect, avoiding unnecessary losses. worth of the system.
In fact, if done right, "Detect" and "React" security mechanisms are the most valuable security methods for detecting and mitigating risks posed by targeted attacks or complicated.
Therefore, it must be noted that "Prevention", "Detection", and "Prevention" security mechanisms must be present in all four layers of an information system. This is to ensure that if an attacker bypasses all the security measures installed at the Network layer, will still have to find a way to bypass all the security measures installed at the System/layer layer. Operating System, Application layer, and finally Data layer.
You should read it
- What is 51% attack? How does 51% attack work?
- What is a Replay Attack?
- What is Volumetric DDoS Attack?
- What is SS7 attack? What can hackers use it for?
- Analysis of an attack (Part 3)
- What is BlueSmack attack?
- Warning the emergence of ransomware DDoS attack, the scale can be up to 800Gbps
- What is Teardrop attack?
- What is a Sybil Attack?
- Phishing attack: The most common techniques used to attack your PC
- What is DDoS ICMP Flood?
- What is Salami Attack?
Maybe you are interested
Should I buy a USB, Bluetooth or NFC security key?
4 Security Steps to Follow When Using Remote Access Applications
Series of DrayTek router models have security holes
If you have an AMD CPU, install this important security update!
Roundup of new Chrome features and security updates
Google releases emergency security patch, fixes 4 security flaws on Chrome