APT attacks are complex and multi-faceted, and they pose a great risk to the safety and security of enterprises. Although many global companies have invested huge amounts of resources in security controls, APT attacks have still penetrated these businesses and have caused significant losses to Korean financial companies, Adobe and others. These events alert us to the complexity and destructiveness of APT attacks and urge us to take appropriate precautions as soon as possible.
APT attacks expose enterprises to great risk
APT attacks can hit any company, and one of the biggest reasons is the theft of confidential information. Intellectual property, financial information, employee and customer personal information, and many other kinds of confidential information are of high value. Once an attacker obtains this information through an APT attack, the target enterprise is likely to suffer a huge loss. Theft of confidential information is not the only motive for APT attacks, however: damage to systems, surveillance and other goals can also drive an attacker. Therefore, whether or not an enterprise holds sensitive information, it is exposed to the risk of APT attack at all times.
An attacker could use an organization's network infrastructure to launch attacks against other organizations. In some cases, attackers use a victim's e-mail account to increase the credibility of their spear-phishing messages. Similarly, to attack a large organization's network, attackers may start with a small business connected to that network and use it as a stepping stone. For attackers, a small business's network can be an easier and more covert route, and using it avoids leaving traces in the large organization's network.
In addition, a company may simply be used as a stepping stone to conceal the attack path between the attacker and the target.
In South Korea's recent massive APT attack, the attackers sent a phishing message from a counterfeit bank email account with the subject "March Credit card transaction Details". It contained a malicious .rar file, "History of your account Transactions", which connects to several malicious IP addresses and downloads 9 files. The central update management server within the enterprise can also be implanted with malicious programs as a result of an intrusion.
What can be done in the face of APT attacks
No matter how good a company's defenses are, a configuration error, or a user opening a malicious file or visiting a malicious website, can leave the company affected. Therefore, the enterprise should not only take remedial measures quickly after an attack, but also monitor data across the entire IT architecture dynamically and in a timely manner. Once an attacker has entered the company network, the targeted company must be able to detect and contain the attacker as soon as possible. At that point, a complete investigation can be conducted to see where the attackers have been and what damage has been done.
In South Korea's APT attack, South Korean users who had deployed Trend Micro TDA successfully resisted the attack. Trend Micro TDA has comprehensive heuristic detection capabilities and sandbox analysis techniques. When malicious programs spread through the network to infect other users, they are flagged; this includes hidden malware that transmits information to the outside or receives commands from a malicious source. When TDA detects the malicious attachments in messages associated with the attack, the enterprise has plenty of time to build a custom defense strategy to protect against the attack.
Detecting and containing a threat can be time-consuming, but a business can focus on two areas to minimize damage and make the incident investigation as fast and successful as possible. First, companies should implement appropriate logging policies, segment their networks, and strengthen security threat detection and the protection of critical data through threat discovery devices such as Trend Micro TDA. Second, companies should have trained, functioning threat intelligence groups and incident investigation teams.
Penetration testing can be very helpful in improving a company's security, and a number of security risks can be learned from the test results. Social engineering and physical security tests are also needed, where possible. Once completed, the penetration test can serve as a training tool for the incident investigation team, and its findings can be given to the company to help it understand its overall security posture.
Security is an investment, but it is worth making because of the huge damage that APT attacks can inflict on a business. Companies need to keep an eye on defensive measures against APT attacks and learn more about how to minimize the risk of becoming a victim of one, in order to ensure the security of the enterprise.