Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Is APT Targeted Attack Really Scary?
Targeted APT attacks that appear in the media are often described as a type of advanced attack that seems to be impossible to prevent or detect. Besides, with the support of the media has played a big role in painting and making APT a lot scarier than it really is.
Any article describing a cyberattack involving a zero-day vulnerability, the media will immediately label it with names like "premium attack" or "targeted attack". APT target".
However, for those who are really working and researching in the field of information security, the zero-day vulnerability is not a secret and is not a "doomsday" vulnerability. Zero-day vulnerabilities present in popular software and platforms (e.g. Windows, Android, iOS, etc.) are being traded every day openly or secretly by security researchers. Getting a zero-day vulnerability isn't hard either; The question is how much the target audience is willing to pay.
The attack techniques used today by the majority of APT attack groups are not new and the exploited vulnerabilities are already patched (they are not zero-day). In addition, current security technologies and solutions can detect and reduce the risk of installing spyware.
For the most part, today's cybersecurity attacks often deserve the title of Persistence because it involves a very well coordinated and coordinated attack plan, plus patience in selecting the attacks. important goal. Only a handful of attacks deserve to be called advanced or breakthrough in attack technique.
APT is not as scary as people think if one understands the attack methods, vulnerabilities and exploitation techniques used. There are already quite a few security processes, technologies, and measures in place to mitigate the risks posed by APT attacks regardless of whether the attack comes with a zero-day vulnerability or not.
Does the current security design help reduce the risk of APT targeted attacks?
For a long time, organizations have bet too much on preventive security mechanisms even though these mechanisms keep failing year after year. Cybersecurity attacks still happen every day around the world despite the use of hundreds of different security mechanisms.
It is a sign that the way we think about attack and defense must change. Let's face it, to bypass common security measures like firewalls, anti-virus programs, or IDS/IPS solutions is quite simple and requires little effort from an attacker. .
However, the above security solution providers have exaggerated the features of this product and it gives the impression that an organization's system will not be able to survive a day on the Internet without security products. there.
According to security consulting firm E-CQURITY (ECQ), defending against any APT or complex attacks requires careful planning and building of a security architecture based on following a defense-in-depth strategy. Multilayer defense requires building appropriate defense mechanisms for all important layers of an information system: Network (Network), System/Operating System (Host/OS) , Application, and Data.
The goal of any attacker is to gain access to the Data layer. The Data Layer normally contains important information that needs to be kept secure. But unfortunately, although the Data layer is important, it is often given little attention and not as many security measures compared to the Network and the Operating System.
When a cybersecurity architecture has an unbalanced security design and uneven implementation, it's only a matter of time before a smart attacker can uncover the weakest point in the association. interconnection between layers and easily penetrate deep into the inner networks and can reach the important data layer.
Defense in depth and layered is a security strategy that requires each information system layer to have all the necessary security elements. The idea behind a multi-layered cybersecurity design is to ensure If a security solution does not work or is bypassed, another security mechanism will be substituted to slow or stop the attack and prevent it from progressing any further. The design of the security architecture of organizations often gets so caught up in "Prevention" or "Prevention" that they forget other important elements of security such as "Detect" and "Response". ".
"Detection" is a security mechanism that helps to immediately recognize an attack when it just happened and "React" in the shortest time to achieve the best effect, avoiding unnecessary losses. worth of the system.
In fact, if done right, "Detect" and "React" security mechanisms are the most valuable security methods for detecting and mitigating risks posed by targeted attacks or complicated.
Therefore, it must be noted that "Prevention", "Detection", and "Prevention" security mechanisms must be present in all four layers of an information system. This is to ensure that if an attacker bypasses all the security measures installed at the Network layer, will still have to find a way to bypass all the security measures installed at the System/layer layer. Operating System, Application layer, and finally Data layer.
Marvin FryYou should read it
- What is Volumetric DDoS Attack?
- What is SS7 attack? What can hackers use it for?
- Analysis of an attack (Part 3)
- What is BlueSmack attack?
- Warning the emergence of ransomware DDoS attack, the scale can be up to 800Gbps
- What is Teardrop attack?
- What is a Sybil Attack?
- Phishing attack: The most common techniques used to attack your PC
May be interested
- How to Tell a Convincing Scary Story
adding the element of horror to a story is a great way to get attention and compliments. in other words, a scary story can be your ticket to becoming an interesting, fun storyteller. whether you're honing your skills to scare the pants off... - What is a Replay Attack?a replay attack occurs when a cybercriminal eavesdroves a communication over a secure network, intercepts it, then delays or resends the content, to get the recipient to do what the hacker wants.
- What is Volumetric DDoS Attack?volumetric ddos attack is designed to overwhelm internal network capacity with large volumes of malicious traffic. volumetric ddos attack is usually performed against a specific target
- Discovering a large-scale APT attack into Vietnam, users need to quickly download the malicious toolthe department of information security recommends that users urgently download this malicious code-checking and removal tool on ais.gov.vn; vncert.vn was built and provided by the department.
- What is SS7 attack? What can hackers use it for?an ss7 attack is a very dangerous attack method. an ss7 attack can be used to bypass two-factor authentication. so what specifically is the ss7 attack? what can a hacker do with an ss7 attack?
- 7 scary things about IoT really happenedthese manufacturers and retailers have little interest in revealing the hidden corners of iot. the following article will tell readers about a series of scary facts caused by internet-connected devices.
- 5 scary websites make you cry when you visitthese extremely interesting but equally frightening websites are part of the hidden corners of the internet that you probably never knew. invite you to experience.
- Horror movies not to be missed during the 2017 Halloween seasonthis year's halloween season, a lot of horror films will be shown promising to bring you different emotions from shocking, frightened, startled to heart attack. let's take a look at the list of horror movies to scary hairs made by filmmakers on this holiday.
- Duqu computer virus attacked Iranian businesson november 13, iran acknowledged for the first time that the country was the target of a new cyberattack when this time, the duqu computer virus targeted computers of businesses in the islamic republic.
- Warning: Scam asking to reset Apple ID passwordmany iphone, apple watch, and mac users have been targeted in an attack with countless notifications asking to reset their apple id password.
Attack the network
- Top 30 serious security holes are being exploited by hackers the most
- What is PetitPotam Attack? How to overcome PetitPotam attack
- XLoader malware attacks Mac users, collects login information, takes screenshots
- Defender for Identity detects PrintNightmare vulnerability, reducing risk for Print Spooler
- HelloKitty Ransomware Using Linux Variant Attacks VMware ESXi Server
- Beware of BIOPASS malware hidden in Chinese online gambling sites
Top 30 serious security holes are being exploited by hackers the most
What is PetitPotam Attack? How to overcome PetitPotam attack
XLoader malware attacks Mac users, collects login information, takes screenshots
Defender for Identity detects PrintNightmare vulnerability, reducing risk for Print Spooler
HelloKitty Ransomware Using Linux Variant Attacks VMware ESXi Server
Beware of BIOPASS malware hidden in Chinese online gambling sites