An increasing number of sophisticated cyber attacks have been discovered over the past couple of years – from Stuxnet to Flamer; each of these attacks had a specific goal and target and was very different from the mass cyber threats of the past.
By Tarun Kaura
The most recent in this long list of targeted attacks was uncovered in 2014 by Symantec. Dubbed “Dragonfly”, the well-resourced attack group appears to have been in operation since 2011, initially targeting defence and aviation companies in the US and Canada before shifting its focus to US and European energy firms in early 2013.
A classic example of the rising trend of Advanced Persistent Threats (APTs), the Dragonfly group used a number of different attack vectors. In addition to compromising third-party software, the attackers also mounted watering hole attacks, compromising websites that staff members at target companies were likely to visit. The group also utilised spam campaigns.
While the main purpose of these infections was to gain a foothold on the networks of targeted companies, the attacks did give the Dragonfly group the capability to mount industrial sabotage if it chose to do so.
Attacks like these indicate the dawn of the era of cyber-sabotage and cyber-espionage, and while many may believe that such sophisticated threats will not affect anyone apart from the intended target, the truth is that many of them have caused collateral damage.
The rising risks
The world’s data, exposed through multiple channels, is vulnerable, even though cyber security has become a priority for many organisations. According to the Lloyd’s Risk Index 2013, cyber risk has, in the span of two years, become the #1 technological risk and the #3 business risk, surpassing other business risks such as inflation and rapid technological change. A decade ago, the biggest risk from a bad virus was a temporarily disabled computer and lost files.
Today, targeted attacks are on the rise, and advanced persistent threats (APTs), while very focused on whom they target, are a real threat for organisations, capable of stealing financial/customer data and intellectual property by compromising critical information assets. According to Symantec’s latest Internet Security Threat Report (ISTR), despite stepping up their information security measures, businesses in India continue to be an attractive target for cyber criminals, with 69 percent of targeted attacks in India focused on large enterprises.
APTs: The dawn of mega breaches
Advanced Persistent Threats (APTs) are a special case within the much broader category of targeted attacks that organisations of all kinds are prone to. APTs are attacks in which cyber criminals plan customised attacks using tools and intrusion techniques developed specifically for certain targets. In contrast to typical “smash and grab” tactics, attackers using APTs are willing to be more patient while they craft their attack strategy and wait until the reward is bigger and better.
The Dragonfly group’s attack tooling was centred on extracting and uploading stolen data, installing further malware onto systems, and running executable files on infected computers. It could also run additional plugins, such as tools for collecting passwords, taking screenshots, and cataloguing documents on infected computers.
Need of the hour
Targeted attacks are rising, cyber criminals are more ruthless than ever, and the multifaceted equation required to protect against these threats has only become more difficult. While network security-based solutions receive increasing attention as the promised answer to advanced threats, IT departments are still left grappling with massive numbers of incidents, too many false positives and a laundry list of manual processes, without the staffing and skill sets needed to win. This leaves organisations exposed and vulnerable.
In the new era of Mega Breaches, the prerequisite for many businesses today is to be able to identify incoming attacks and respond to them seamlessly without any downtime. There is a growing need for a security layer strong enough to withstand significant malicious activity and, in the event of an attack, to recover from incidents faster.
An advanced threat protection (ATP) solution which correlates alerts and intelligence across a range of security technologies to deliver more comprehensive attack prevention is the one piece missing from the cybersecurity jigsaw in most enterprises today.
To successfully defend against these types of targeted attacks, organisations need to expand their focus from prevention only to prevention, detection and response. ATP significantly reduces the time to detect, prioritise and respond to security incidents. With adversaries hitting all control points from the gateway to email to the endpoint, organisations need security across all points working together, with incident response capabilities and global information intelligence, to beat the bad guys.
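To make the cross-control-point correlation described above concrete, here is an added example (not code from the article or from any Symantec product) that groups alerts from the email gateway, web gateway and endpoint into per-host incidents and ranks them. The alert records, host names and timestamps are constructed for the example; the scoring rule is an assumption chosen to illustrate why a chain that reaches the endpoint outranks an isolated alert.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from three control points (email, web gateway, endpoint).
# Hosts, timestamps and alert types are made up for this example.
SAMPLE_ALERTS = [
    {"ts": "2014-07-01T09:00:00", "source": "email", "host": "ws-17", "type": "phishing_attachment"},
    {"ts": "2014-07-01T09:04:00", "source": "gateway", "host": "ws-17", "type": "watering_hole_visit"},
    {"ts": "2014-07-01T09:06:30", "source": "endpoint", "host": "ws-17", "type": "unsigned_executable"},
    {"ts": "2014-07-01T11:30:00", "source": "gateway", "host": "ws-42", "type": "watering_hole_visit"},
    {"ts": "2014-07-02T08:00:00", "source": "endpoint", "host": "ws-17", "type": "unsigned_executable"},
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def correlate(alerts, window_minutes=30):
    """Group each host's alerts into incidents: an alert joins the current incident
    if it falls within window_minutes of that incident's first alert, otherwise a
    new incident starts. Incidents come back sorted by priority, highest first."""
    by_host = defaultdict(list)
    for alert in sorted(alerts, key=lambda a: parse_ts(a["ts"])):
        by_host[alert["host"]].append(alert)

    incidents = []
    for host, host_alerts in by_host.items():
        current = None
        for alert in host_alerts:
            when = parse_ts(alert["ts"])
            if current is None or when - current["start"] > timedelta(minutes=window_minutes):
                current = {"host": host, "start": when, "alerts": [], "sources": set()}
                incidents.append(current)
            current["alerts"].append(alert)
            current["sources"].add(alert["source"])

    for inc in incidents:
        # Assumed scoring: one point per distinct control point that fired, plus a
        # bonus when delivery (email/gateway) and execution (endpoint) were both seen.
        chained = "endpoint" in inc["sources"] and len(inc["sources"]) > 1
        inc["priority"] = len(inc["sources"]) + (2 if chained else 0)
        inc["start"] = inc["start"].isoformat()
    return sorted(incidents, key=lambda i: i["priority"], reverse=True)


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(inc["priority"], inc["host"], inc["start"], sorted(inc["sources"]))
```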
Tarun Kaura is Director of Technology Sales (India), Symantec.