TENAFLY, N.J. – How do you defend against something that’s never been seen before? That’s the key question organizations struggle with.

A decade ago, the first victims of any worm or virus outbreak had difficulty defending against a brand-new threat, leaving resources vulnerable until the attack could be detected and signatures created. Today the underlying problem is the same, but the level of difficulty is considerably higher. Attacks used to be massive and indiscriminate, trying to catch anyone running the vulnerable software the malware exploited. Once the new attack was discovered, one set of defenses could be deployed to neutralize the threat. Organizations that had not yet been exploited would receive updated signatures that allowed their perimeter and endpoint defenses to thwart it.

The environment has evolved from quick smash-and-grab tactics against targets of opportunity to patient campaigns against targets of choice. Actors such as criminal organizations and nation states are interested in the long haul. They create specialized malware, intended for a specific target or group of targets, with the ultimate goal of becoming embedded in the target's infrastructure. These threats are nearly always previously unseen. The malware is targeted, polymorphic, and dynamic, and it can be delivered via a Web page, a spear-phishing email, or any number of other avenues. The ultimate goal is typically data exfiltration, which lends itself to a low and slow approach in which attacks can go unnoticed for long periods of time. In the case of the Shady RAT intrusions, compromises went unnoticed for years. The desktop is typically not the ultimate target of an attack, but rather an entry point from which to escalate privileges and move laterally throughout the target organization, all without being detected. When a zero-day exploit is coupled with never-before-seen malware, attackers have an enormous head start against signature-based defenses.
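The following added example (not from the original article) illustrates why the signature model described above breaks down against polymorphic malware. It uses a constructed, harmless stand-in payload and a toy "polymorphic engine" (a one-byte XOR key and a decoder stub; both are assumptions for illustration). A hash and a byte-pattern signature extracted from the first sample match that sample but not a second variant built with a different key, even though both variants do exactly the same thing; a check that looks at what the sample does after decoding catches both.

```python
import hashlib

# Constructed stand-in for a malicious body; these are plain bytes, not real malware.
PAYLOAD = b"EXFIL:connect(c2.example.invalid:443);read(/etc/passwd);send"
STUB_PREFIX = b"DECODE key="


def xor_encode(data: bytes, key: int) -> bytes:
    """Encode or decode data with a single-byte XOR key (toy polymorphic engine)."""
    return bytes(b ^ key for b in data)


def build_variant(key: int) -> bytes:
    """Produce one polymorphic variant: a decoder stub carrying the key, followed
    by the payload encoded under that key. Every key yields different bytes but
    identical run-time behaviour."""
    stub = STUB_PREFIX + bytes([key]) + b";"
    return stub + xor_encode(PAYLOAD, key)


def make_signatures(sample: bytes) -> dict:
    """What a vendor would ship after analysing the first captured sample:
    a file hash plus a 16-byte pattern taken from the sample body."""
    return {
        "sha256": hashlib.sha256(sample).hexdigest(),
        "pattern": sample[16:32],
    }


def signature_match(sample: bytes, sigs: dict) -> bool:
    """Traditional detection: exact hash or byte-pattern match."""
    return (hashlib.sha256(sample).hexdigest() == sigs["sha256"]
            or sigs["pattern"] in sample)


def behaviour_match(sample: bytes) -> bool:
    """Behavioural detection: emulate the stub (decode the body) and inspect
    what the payload does rather than how its bytes happen to look."""
    if not sample.startswith(STUB_PREFIX):
        return False
    key = sample[len(STUB_PREFIX)]
    decoded = xor_encode(sample[len(STUB_PREFIX) + 2:], key)
    return b"connect(" in decoded and b"send" in decoded


def evaluate(first_key: int = 0x41, second_key: int = 0x7A) -> dict:
    """Build two variants, sign the first, and report which detector catches which."""
    first = build_variant(first_key)
    second = build_variant(second_key)
    sigs = make_signatures(first)
    return {
        "variants_identical": first == second,
        "signature_catches_first": signature_match(first, sigs),
        "signature_catches_second": signature_match(second, sigs),
        "behaviour_catches_first": behaviour_match(first),
        "behaviour_catches_second": behaviour_match(second),
    }


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name}: {result}")
```

Every new key produces a sample the signature database has never seen, so the defender is back to the "first victim" position the article describes for each variant, while a detector keyed to behaviour (network connection followed by file read and send) does not depend on the bytes at all.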

To read the rest of the article, click on SecurityCurrent.Com