I was invited down to the RSA Conference 2013 at its inaugural Asia Pacific leg held in Singapore earlier this week. At a presentation on advanced persistent threats (APT), titled “APTs by the dozen: Dissecting advanced attacks,” by Alex Lanstein of security vendor FireEye, it quickly became clear that SMBs need to be made aware of what has become a highly popular attack vector used to break into business networks.
The following are facts about real-life attacks that every small and mid-sized business should keep up to date on.
It’s All About the Email
One of the most common vectors used to launch an APT attack is email. While hardly advanced, this approach has proven very successful in helping hackers gain a foothold in businesses, says Lanstein.
The idea is to convince employees to visit a malware-laden website or to download and install the malware directly. As you might expect, hackers use various techniques to increase the chances of victims taking the bait. These typically include flattery, references to current news, masquerading as friends, or using a URL that looks similar to that of a reputable domain.
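The look-alike URL trick is something a mail gateway or a help-desk script can screen for mechanically. The following is an added example, not code from the talk or from FireEye: it extracts links from a message body and compares each host against a list of domains the business legitimately uses, flagging small edit-distance variants (a digit swapped for a letter) and the common trick of placing a trusted name in front of an attacker-controlled domain. The trusted-domain list, the sample message and the distance threshold are constructed for illustration.

```python
"""Flag links in an email whose host merely resembles a trusted domain.

Added example for this article; not the speaker's or FireEye's code.
TRUSTED_DOMAINS, SAMPLE_EMAIL and the thresholds are constructed values.
"""
import re
from urllib.parse import urlparse

# Constructed list of domains the business legitimately deals with.
TRUSTED_DOMAINS = {"example-bank.com", "payroll-provider.net", "ourcompany.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small distance to a trusted name marks a likely look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Crude last-two-labels approximation; adequate for .com/.net examples."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def classify_host(host: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for one URL host."""
    host = host.lower()
    domain = registrable_domain(host)
    if domain in trusted:
        return "trusted"
    for t in trusted:
        # Typosquat: examp1e-bank.com is one edit away from example-bank.com.
        if levenshtein(domain, t) <= max_distance:
            return "lookalike"
        # Trusted name used as a subdomain of something else:
        # example-bank.com.secure-update.net
        if host.startswith(t + "."):
            return "lookalike"
    return "unknown"


def scan_email(body: str) -> list:
    """Return (url, verdict) pairs for every http(s) link in the message body."""
    results = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        results.append((url, classify_host(host)))
    return results


# Constructed sample message mixing a genuine link with two look-alikes.
SAMPLE_EMAIL = """Hi, great work on the quarterly numbers!
Your statement is ready: http://www.example-bank.com/login
Please also confirm your details at http://examp1e-bank.com/verify
and review the policy update at http://example-bank.com.secure-update.net/
Unrelated reading: http://news.example.org/story
"""

if __name__ == "__main__":
    for url, verdict in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:10} {url}")
```

The edit-distance threshold is deliberately low; raising it catches more variants but starts flagging unrelated short domains, so in practice the "unknown" bucket is where a reviewer spends attention and the "lookalike" bucket is what gets quarantined or rewritten before delivery.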
Keep Your Antivirus Software
As the number of novel zero-day exploits mentioned in the headlines of both IT and mainstream news sites increases, some SMBs have developed the mistaken notion that they do not have to defend against the latest security threats.
This is a problem, according to Lanstein, who shared that many of the hackers tracked by FireEye don’t even bother with exploits. Instead, they typically resort to spear phishing to trick users into directly downloading malware or a remote control tool that gives the attackers access to the system. With this in mind, SMBs can defend themselves by deploying up-to-date antivirus software on all work machines.
Hiding Their Tracks
Hackers have grown in sophistication and know how to hide their tracks among the ordinary network traffic that a small business network sees throughout the day. One method exploits the Domain Name System to “fast flux,” that is, to hide their tracks by piping their connection through a constantly changing list of destination addresses.
In my mind, this makes it practically impossible for even an alert administrator to detect the presence of malware by checking for suspicious outgoing connections. Though the speaker did not mention this, SMBs may have no choice on this front but to invest in a proper Intrusion Prevention System (IPS) or Intrusion Detection System (IDS) to scan for suspicious network activity.
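Checking outgoing connections one address at a time is indeed hopeless against fast flux, but the DNS answers themselves leave a pattern an IDS or a simple resolver-log script can key on: one name resolving to many addresses spread across unrelated networks, each with a very short time-to-live. The following is an added example, not from the talk or the article, that applies that heuristic to resolver log lines. The log format, the sample records and the thresholds are constructed for illustration; a real deployment would tune them against the organisation's own baseline.

```python
"""Heuristic fast-flux detector over DNS resolver log lines.

Added example for this article; not the speaker's or FireEye's code.
The log format, SAMPLE_DNS_LOG and the thresholds are constructed values.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean

# Constructed log lines: "<epoch> <query name> <answer IP> <ttl seconds>".
# The first name behaves like an ordinary CDN host; the second rotates
# through addresses in unrelated networks with short TTLs.
SAMPLE_DNS_LOG = """\
1366000000 cdn.legit-example.com 203.0.113.10 3600
1366000300 cdn.legit-example.com 203.0.113.10 3600
1366000600 cdn.legit-example.com 203.0.113.11 3600
1366000000 update.suspicious-example.net 198.51.100.5 120
1366000120 update.suspicious-example.net 192.0.2.77 120
1366000240 update.suspicious-example.net 198.51.100.200 90
1366000360 update.suspicious-example.net 203.0.113.250 60
1366000480 update.suspicious-example.net 192.0.2.9 120
1366000600 update.suspicious-example.net 198.51.100.33 60
"""


def parse_log(text: str) -> dict:
    """Group (answer IP, TTL) observations by queried name."""
    observations = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, name, ip, ttl = line.split()
        observations[name.lower()].append((ip_address(ip), int(ttl)))
    return observations


def flux_score(records: list) -> dict:
    """Summarise how diverse and short-lived the answers for one name are."""
    ips = {ip for ip, _ in records}
    # Count distinct /16 networks as a cheap stand-in for "different operators";
    # a proper deployment would map addresses to ASNs instead. IPv4 only here.
    prefixes = {ip_network(f"{ip}/16", strict=False) for ip in ips if ip.version == 4}
    return {
        "unique_ips": len(ips),
        "unique_prefixes": len(prefixes),
        "mean_ttl": mean(ttl for _, ttl in records),
    }


def find_fast_flux(text: str, min_ips: int = 4, min_prefixes: int = 3,
                   max_ttl: float = 300) -> dict:
    """Return {name: score} for names whose answer set looks fast-flux-like.

    A legitimate CDN also returns many addresses, which is why the check
    requires all three signals together: many IPs, spread across networks,
    with short TTLs.
    """
    flagged = {}
    for name, records in parse_log(text).items():
        score = flux_score(records)
        if (score["unique_ips"] >= min_ips
                and score["unique_prefixes"] >= min_prefixes
                and score["mean_ttl"] <= max_ttl):
            flagged[name] = score
    return flagged


if __name__ == "__main__":
    for name, score in find_fast_flux(SAMPLE_DNS_LOG).items():
        print(f"possible fast flux: {name} {score}")
```

The three-way condition is what keeps the false-positive rate tolerable: large content networks trip the unique-IP test on their own, and short TTLs alone are common for load-balanced services, but few legitimate names combine both with addresses scattered across unrelated networks.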