- Tram Ho
Only a handful of attacks deserve to be called advanced
Targeted APT attacks that appear in the media are often described as a sublime type of attack that seems to be impossible to prevent or detect. Besides, with the support of the media has played a big role in painting and making APT a lot scarier than it really is. Any article describing a cyberattack related to a zero-day vulnerability, the media will immediately label it with names like “senior attack” or “deliberate attack”. APT target”. However, for those who are really working and researching in the field of information security, the zero-day vulnerability is not a secret and is not a “doomsday” vulnerability. Zero-day vulnerabilities present in popular software and platforms (e.g. Windows, Android, iOS, etc.) are being traded every day openly or secretly by security researchers. Getting zero-day vulnerabilities isn’t hard either; The question is how much the target audience is willing to pay.
The attack techniques used today by the majority of APT attack groups are not new and the exploited vulnerabilities are already patched (they are not zero-day). In addition, current security technologies and solutions can detect and reduce the risk of installing spyware. For the most part, today’s cybersecurity attacks often deserve the title of Persistence because it involves a very well coordinated and coordinated attack plan, plus patience in selecting the attacks. important goal. Only a handful of attacks deserve to be called advanced or breakthrough in attack technique.
APT is not as scary as people think if one understands the attack methods, vulnerabilities and exploitation techniques used. There are already quite a few security procedures, technologies, and measures in place to mitigate the risks posed by APT attacks regardless of whether the attack comes with a zero-day vulnerability or not.
Does the current security design help reduce the risk of APT targeted attacks?
For a long time, organizations have bet too much on preventive security mechanisms even though these mechanisms keep failing year after year. Cybersecurity attacks still occur every day around the world despite the use of hundreds of different security mechanisms. It is a sign that the way we think about attack and defense must change. Let’s face it, to bypass common security measures such as firewalls, anti-virus programs, or IDS/IPS solutions is quite simple and requires little effort from an attacker. . However, the above security solution providers have exaggerated the features of this product and that gives the impression that an organization’s system will not be able to survive a day on the Internet without security products. there.
According to security consulting firm E-CQURITY (ECQ), defending against any APT or complex attacks requires careful planning and building of a security architecture based on following a defense-in-depth strategy. Multilayer defense requires building appropriate defense mechanisms for all important layers of an information system: Network (Network), System/Operating System (Host/OS) , Application, and Data.
Important layers in information systems
The goal of any attacker is to gain access to the Data layer. The Data Layer normally contains important information that needs to be kept secure. But unfortunately, although the Data layer is important, it is often given little attention and not many security measures compared to the Network and the Operating System. When a cybersecurity architecture has an unbalanced security design and uneven implementation, it’s only a matter of time before a smart attacker can uncover the weakest point in the association. interconnection between layers and easily penetrate deep into the inner networks and can reach the important data layer.
Defense in depth and multiple layers is a security strategy that requires each information system layer to have all the necessary security elements. The idea behind a multi-layered network security design is to ensure If a security solution does not work or is bypassed, another security mechanism will be substituted to slow or stop the attack and prevent it from progressing any further. The design of the security architecture of organizations often gets too caught up in “Prevention” or “Prevention” and forgets about other important elements of security such as “Detect” and “Response”. “. “Detection” is a security mechanism that helps to immediately recognize an attack when it has just occurred and “React” in the shortest time to achieve the best effect, avoiding unnecessary losses. worth of the system. In fact, if done right, “Detect” and “React” security mechanisms are the most valuable security methods for detecting and mitigating risks from targeted attacks or complicated.
Therefore, it must be noted that “Prevention”, “Detection”, and “Prevention” security mechanisms must be present in all four layers of an information system. This is to ensure that if an attacker bypasses all the security measures installed at the Network layer, will still have to find a way to bypass all the security measures installed at the System/layer layer. Operating System, Application layer, and finally Data layer.
Source : Genk