Attacks/Breaches
3/16/2012
05:57 AM
Dark Reading
Quick Hits

How To Detect And Defend Against Advanced Persistent Threats

There are no silver bullets for APTs, but there are steps your organization can take. Here's a look at what you can do.

[Excerpted from "Detecting and Defending Against Advanced Persistent Threats," a new report posted this week on Dark Reading's Advanced Threat Tech Center.]

One of the most insidious cyberthreats is the one that lies in wait. These attacks, commonly known as advanced persistent threats, use sophisticated, custom-built exploits with the express objective of gaining access to a targeted system and remaining undetected for an extended period of time.

An APT’s success requires considerable resources and expertise — hence the term “advanced.” “Persistent” doesn’t mean a continual barrage of attacks launched in the hope that one may succeed, but instead the relentless pursuit and refinement of a successful attack methodology. These exploits are developed by skilled, motivated, organized and well-resourced programmers working from a well-defined road map. Such attacks can take many months to develop and even longer to deploy successfully.

The concern about APTs is increasing because of an escalating number of incidents and the severity and extent of the damage they cause. Cisco Security Intelligence Operations has reported a significant increase in the number of unique instances of malware it’s finding, an indication of APTs under development or being deployed. And although big and well-armed companies such as Google, RSA, Sony, and Lockheed Martin have been hit, there are signs that APTs may be going after smaller and less well-protected organizations to get to their eventual targets.

To combat the threat of APTs, it’s important to understand the different phases of an APT attack and the defenses required for each.

To read about the six phases of an APT -- and potential defenses that your organization can employ in each phase -- download the free report on how to detect and defend against APTs.
