BUILDING A DEFENCE AGAINST TARGETED SECURITY ATTACKS
Targeted Attacks or Advanced Persistent Threats (APTs) are a category of high-risk threats that aggressively pursue and compromise chosen target institutions or enterprises, with the goal of data exfiltration. APTs strive to remain undetected in a network to gain access to the organisation’s valuable data, which includes intellectual property, trade secrets and customer information. Threat actors may also seek other sensitive data, such as top-secret documents from government or military institutions.
By design, APTs or targeted attacks are able to evade standard security defences. Industry experts believe that an expanded definition of security due diligence is now “a must” for enterprises and government organisations. New, proactive measures and specialised technology are required as part of your risk management due diligence.
1. Accept you will be targeted
Online fraud has long since moved from a hobby to become a primary means for cybercriminals to earn a living. From APTs targeting organisations of all sizes to cyber espionage and state-sponsored hacking, your organisation is a valuable target.
2. Understand what makes you valuable
Consider the different ways that attackers could see you as a valuable target. Intellectual property, financial or corporate data, and customer or citizen information are all prime targets. In addition, online access and credentials for valuable business banking accounts are successful attack vectors for organisations of all sizes.
3. Understand what makes you vulnerable
Attackers find vulnerabilities in the software and architectures of our networks, and also use social engineering: researching employees online and using this information to craft effective lures, typically delivered by email.
4. Look at your technology environment
Well-organised criminal gangs hide their tracks, patching the vulnerabilities they leveraged to penetrate the network and cleaning up any malware to make sure it doesn’t interfere with, or draw attention to, the exfiltration of data. Command and control communications inside your network will be put on a ‘sleep cycle’ so there is no easily detectable connection outside the organisation.
5. Include the cloud
Virtualisation and Cloud Computing raise new infrastructure issues that must be considered in your security planning. Carry out due diligence on technologies and cloud vendors to ensure you know where security is provided and where there are gaps. Be prepared to implement strong encryption on all data in case security controls fail to prevent a data breach.
6. Understand targeted attacks
By understanding the many facets of a targeted attack, and remembering that attackers can easily purchase exploit kits designed to target the exact systems that comprise our networks, it becomes clear that these custom attacks require custom defence mechanisms unique to our organisation.
7. Find your own backdoors
Standard perimeter and endpoint security technologies are essential to prevent most attacks, and a proactive virtual patching or vulnerability shielding strategy will minimise the window of opportunity for attackers. Frequent penetration testing and application scanning must become regular activities so you can locate and close your backdoors before attackers do.
8. Expand your threat intelligence
Advanced situational awareness requires looking both outside and inside your network. Understand the importance of big data analytics to identify any correlations between cyber attack activity on the Internet and an organisation’s IP addresses, users, domain
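As an added example (not part of the original article) of the two kinds of analysis items 4 and 8 call for, the Python below runs over a few constructed outbound-connection log lines: it flags internal-to-external pairs whose call-home intervals are nearly constant, which is how a ‘sleep cycle’ implant looks even when it connects only once an hour, and it matches destinations against a constructed threat-intelligence feed. The log format, the addresses and the feed contents are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-connection log: "<ISO timestamp> <internal host> <destination>"
LOG_LINES = """\
2024-03-01T09:00:00 10.0.0.12 198.51.100.7
2024-03-01T09:00:05 10.0.0.12 203.0.113.44
2024-03-01T10:00:01 10.0.0.12 198.51.100.7
2024-03-01T10:17:33 10.0.0.12 203.0.113.44
2024-03-01T11:00:02 10.0.0.12 198.51.100.7
2024-03-01T11:41:10 10.0.0.12 203.0.113.44
2024-03-01T12:00:00 10.0.0.12 198.51.100.7
2024-03-01T12:03:59 10.0.0.12 203.0.113.44
2024-03-01T12:04:10 10.0.0.12 192.0.2.9
""".splitlines()
INTEL_FEED = {"192.0.2.9"}  # constructed threat-intel feed (item 8): hosts seen attacking others

def parse(lines):
    """Turn the constructed log lines into (timestamp, src, dst) tuples."""
    events = []
    for line in lines:
        ts, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), src, dst))
    return events

def find_beacons(events, min_hits=4, max_cv=0.05):
    """Flag (src, dst) pairs whose connection gaps are nearly constant (item 4): a
    sleep-cycle implant calling home hourly is rare in the log but keeps a steady
    rhythm, which stdev/mean of the gaps exposes. Returns {(src, dst): mean gap s}."""
    by_pair = defaultdict(list)
    for ts, src, dst in events:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) / mean(gaps) <= max_cv:
            beacons[pair] = round(mean(gaps))
    return beacons

def match_intel(events, feed):
    """Correlate destinations with the external feed (item 8); sorted (src, dst) hits."""
    return sorted({(src, dst) for _, src, dst in events if dst in feed})

if __name__ == "__main__":
    events = parse(LOG_LINES)
    print(find_beacons(events), match_intel(events, INTEL_FEED))
```

The human-looking traffic to 203.0.113.44 has enough connections to be examined but irregular gaps, so only the hourly 198.51.100.7 pair is reported as a beacon, while 192.0.2.9 is caught by the feed match despite a single connection.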