An advanced persistent threat (APT) is a network attack in which an unauthorized person (typically a skilled attacker) gains access to a network and stays there undetected for a long period of time. The intention of such an attack is to steal data rather than to cause damage to the network or organization. APT attacks target organizations in sectors with high-value information, such as national defence, manufacturing and the financial industry.
A national-level cyber terror attack on broadcasting companies and banks put Korea into crisis in March 2013. This recent incident can be considered a good example of this new kind of attack.
In an APT attack, the goal is to achieve ongoing access. To maintain access without discovery, the intruder must continuously rewrite code and employ sophisticated evasion techniques. An attacker often uses spear phishing, a type of social engineering, to gain access to the network through legitimate means. Once access has been achieved, the attacker establishes a back door to gather valid user credentials (especially administrative ones) and moves laterally across the network, installing more back doors. The back doors allow the attacker to install bogus utilities and create a "ghost infrastructure" for distributing malware that remains hidden in plain sight.
Although APT attacks are difficult to identify, the theft of data can never be completely invisible. Detecting anomalies in outbound data is perhaps the best way for an administrator to discover that his network has been the target of an APT attack. However, current pattern-based security systems have shown limits in detecting anomalies caused by malware infection of a user's PC inside the network.
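The outbound-data anomaly check described above, as an added example that is not code from the article or from NP Core Inc. It assumes flow summaries of the form (day, source host, destination, bytes out), such as a proxy or NetFlow collector might produce, and applies two defender-side checks over constructed sample data: a robust z-score of each host's daily egress volume against that host's own earlier days, and a first-contact check for destinations the host has never used before. The threshold and minimum history length are assumed tuning parameters.

```python
"""Outbound-data anomaly checks over constructed per-flow summaries.

Added example, not code from the article or from NP Core Inc. Assumes flow
records shaped (day, source_host, destination, bytes_out).
"""
from collections import defaultdict
from statistics import median

# Constructed sample data: five quiet days for two workstations, then on day six
# ws-17 pushes about 48 MB to a destination it has never contacted before.
FLOWS = [
    ("2013-03-01", "ws-17", "203.0.113.5", 1_000_000),
    ("2013-03-02", "ws-17", "203.0.113.5", 1_200_000),
    ("2013-03-03", "ws-17", "203.0.113.5", 900_000),
    ("2013-03-04", "ws-17", "203.0.113.5", 1_100_000),
    ("2013-03-05", "ws-17", "203.0.113.5", 1_000_000),
    ("2013-03-06", "ws-17", "198.51.100.77", 48_000_000),
    ("2013-03-01", "ws-22", "203.0.113.9", 2_000_000),
    ("2013-03-02", "ws-22", "203.0.113.9", 2_100_000),
    ("2013-03-03", "ws-22", "203.0.113.9", 1_900_000),
    ("2013-03-04", "ws-22", "203.0.113.9", 2_000_000),
    ("2013-03-05", "ws-22", "203.0.113.9", 2_200_000),
    ("2013-03-06", "ws-22", "203.0.113.9", 2_000_000),
]


def daily_egress(flows):
    """Sum bytes_out per host per day: {host: {day: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, _dest, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def robust_zscore(history, value):
    """Median/MAD z-score: one earlier spike cannot easily skew the baseline."""
    med = median(history)
    mad = median(abs(v - med) for v in history) or 1.0  # avoid division by zero
    return 0.6745 * (value - med) / mad


def egress_volume_alerts(flows, threshold=3.5, min_history=3):
    """Return (host, day, bytes, z) for days far above the host's own past days."""
    alerts = []
    for host, per_day in daily_egress(flows).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]  # only earlier days form the baseline
            if len(history) < min_history:
                continue
            z = robust_zscore(history, per_day[day])
            if z > threshold:
                alerts.append((host, day, per_day[day], round(z, 1)))
    return alerts


def first_contact_alerts(flows):
    """Return (host, day, destination) the first day a host talks to a destination
    it never used on an earlier day; a host's very first day is not flagged."""
    by_day = defaultdict(list)
    for day, host, dest, _nbytes in flows:
        by_day[day].append((host, dest))
    seen = defaultdict(set)
    alerts = []
    for day in sorted(by_day):
        for host, dest in by_day[day]:
            if seen[host] and dest not in seen[host]:
                alerts.append((host, day, dest))
        for host, dest in by_day[day]:
            seen[host].add(dest)
    return alerts


if __name__ == "__main__":
    for alert in egress_volume_alerts(FLOWS):
        print("volume spike:", alert)
    for alert in first_contact_alerts(FLOWS):
        print("first contact:", alert)
```

Each host is compared only against its own history, so a busy file server is not measured against a quiet workstation, and the first-contact check catches a slow, low-volume leak that the volume check would miss. Real flow data needs a longer baseline than five days and usually a per-weekday or per-hour split.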
In order to overcome the limits of current pattern-based security systems against APTs, a behaviour-based approach has been introduced in the cyber security industry. In principle, by distinguishing between user behaviour and malicious behaviour, behaviour-based technology permits data transmission initiated by the user, and detects and blocks data transmission (including file leakage) that occurs without any user behaviour.
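One way to implement the behaviour-based rule just described, as an added example that is not code from the article or from NP Core Inc. It assumes an endpoint agent supplies two constructed event streams from one workstation: timestamps of keyboard or mouse input, and outbound transfer records (timestamp, process, destination, bytes). A transfer is treated as user-initiated when input occurred within a short window before it; the window length and the process names are assumptions.

```python
"""Behaviour-based check: allow outbound transfers that follow user input,
flag those that happen with nobody at the keyboard.

Added example, not code from the article or from NP Core Inc. Assumes an
endpoint agent that records input timestamps and outbound transfer events.
"""
from bisect import bisect_right
from datetime import datetime, timedelta

# Constructed input-activity timestamps from one workstation's agent.
INPUT_EVENTS = [
    "2013-03-20T09:00:05", "2013-03-20T09:00:12", "2013-03-20T09:00:20",
    "2013-03-20T09:14:00", "2013-03-20T09:14:03",
]

# Constructed outbound transfers: (timestamp, process, destination, bytes).
# The two "updsvc.exe" transfers (a made-up name) run at 03:12 and 11:30,
# long after the last keyboard or mouse activity.
TRANSFERS = [
    ("2013-03-20T03:12:40", "updsvc.exe", "198.51.100.77", 52_000_000),
    ("2013-03-20T09:00:25", "outlook.exe", "203.0.113.5", 2_000_000),
    ("2013-03-20T09:14:08", "winword.exe", "203.0.113.8", 350_000),
    ("2013-03-20T11:30:00", "updsvc.exe", "198.51.100.77", 48_000_000),
]


def parse_ts(text):
    return datetime.fromisoformat(text)


def seconds_since_last_input(input_times, when):
    """Seconds from the most recent input at or before `when`, or None if there is none."""
    i = bisect_right(input_times, when)
    if i == 0:
        return None
    return (when - input_times[i - 1]).total_seconds()


def classify_transfers(inputs, transfers, window=timedelta(seconds=30)):
    """Return (timestamp, process, bytes, verdict, idle_seconds) per transfer.

    verdict is "allow" when input happened within `window` before the transfer,
    otherwise "block" (transfer without any user behaviour)."""
    input_times = sorted(parse_ts(t) for t in inputs)
    results = []
    for ts, proc, _dest, nbytes in transfers:
        idle = seconds_since_last_input(input_times, parse_ts(ts))
        user_driven = idle is not None and idle <= window.total_seconds()
        results.append((ts, proc, nbytes, "allow" if user_driven else "block", idle))
    return results


def blocked_bytes(results):
    """Total bytes that the rule would have held back."""
    return sum(r[2] for r in results if r[3] == "block")


if __name__ == "__main__":
    decisions = classify_transfers(INPUT_EVENTS, TRANSFERS)
    for row in decisions:
        print(row)
    print("bytes held back:", blocked_bytes(decisions))
```

The window is the main tuning knob: too short and legitimate background uploads (mail sync, cloud backup) get blocked, too long and a transfer timed to follow real user activity slips through. In practice the rule is combined with an allow-list of known background processes rather than used alone.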
Most APT defence solutions are located only at the network, where they can hardly detect and inspect all malicious code passing through, because such malicious code has many download routes and uses encrypted sessions such as Gmail. Moreover, when the malicious code is not active right after download, network-only APT defence solutions can hardly detect it, because most malicious code stays inactive and goes through a latent period until the D-day of the attack. In contrast, a combination of network-based and agent-based (user's PC) APT defence solutions can prevent zombie PC infection by malicious code, because it monitors, detects and treats infected zombie PCs where the users' PCs are located while also protecting the network.
My name is Rosario Berry, a professional freelance writer, and I would like to introduce NP Core Inc.
Article Source: http://EzineArticles.com/?expert=Rosario_Berry
Article Source: http://EzineArticles.com/7973281