Enterprise efforts in curbing high-priority threats are insufficient as security researchers continue to find successful APT campaigns inside corporate networks. According to a Trend Micro-sponsored Enterprise Strategy Group (ESG) study, nearly 40% of large organizations invested in new security defenses to respond to APTs.
“There is a discrepancy between how enterprises perceive targeted attacks and how these campaigns unfold in real-world scenarios. Given the pivotal role of C&C communications in a targeted attack, proactively detecting malicious C&C traffic is an important element in exposing APTs. High-profile APTs in the past could have been discovered if security groups monitored malicious network communications,” said Sharda Tickoo, PMM, Trend Micro India.
APTs are a category of threat that refers to computer intrusions by threat actors that aggressively pursue and compromise specific targets. Threat actors use social engineering and malware to enter a network, after which they move laterally throughout the network to extract sensitive information. In an APT campaign, keeping the communication channel between the compromised machine and the threat actor’s C&C server open is crucial for the success of targeted attacks.
An APT campaign, or targeted attack, is segmented into six stages: intelligence gathering, point of entry, command-and-control (C&C) communications, lateral movement and persistence, asset/data discovery, and data exfiltration.
These C&C conduits allow threat actors to confirm the system breach, obtain information about the targeted network, send commands to the malware within the compromised network, and instruct the compromised PC to download “second stage” malware and the tools used for lateral movement.
Targeted attacks take advantage of unknown malware. The ability to identify anomalous network traffic indicative of these kinds of attacks constitutes a crucial part of any sound APT defense. Given the highly targeted and persistent nature of APT campaigns, an APT defense framework must enable the network to identify and assess threats in real time.
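One concrete form of the “anomalous network traffic” the article refers to is beaconing: an implant checking in with its C&C server at a fixed interval, which produces connection timing far more regular than human-driven browsing. The following is an added example, not Trend Micro code or a description of how Deep Discovery works, that scores host-to-destination pairs by the regularity of their inter-connection gaps over a constructed set of connection records; the IPs, hostnames, timestamps and thresholds are all invented for illustration.

```python
"""Toy beacon detector: flags (source, destination) pairs whose connection
timing looks machine-driven (regular interval, low jitter), a common C&C tell.
Added example, not vendor code. All log records below are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed connection records: (epoch seconds, source IP, destination host)
SAMPLE_LOG = [
    # 10.0.0.5 contacts the same external host every ~300 s with a few seconds of jitter
    (1000, "10.0.0.5", "update-cdn.example.net"),
    (1302, "10.0.0.5", "update-cdn.example.net"),
    (1599, "10.0.0.5", "update-cdn.example.net"),
    (1901, "10.0.0.5", "update-cdn.example.net"),
    (2198, "10.0.0.5", "update-cdn.example.net"),
    (2502, "10.0.0.5", "update-cdn.example.net"),
    # 10.0.0.7 visits a news site at irregular, human-looking intervals
    (1000, "10.0.0.7", "news.example.org"),
    (1043, "10.0.0.7", "news.example.org"),
    (1507, "10.0.0.7", "news.example.org"),
    (1522, "10.0.0.7", "news.example.org"),
    (2890, "10.0.0.7", "news.example.org"),
    (2905, "10.0.0.7", "news.example.org"),
    # 10.0.0.9 has too few connections to judge either way
    (1000, "10.0.0.9", "mail.example.com"),
    (1600, "10.0.0.9", "mail.example.com"),
]


def intervals(timestamps):
    """Gaps in seconds between consecutive connections, in time order."""
    ts = sorted(timestamps)
    return [later - earlier for earlier, later in zip(ts, ts[1:])]


def beacon_score(timestamps):
    """Coefficient of variation (stdev / mean) of the inter-connection gaps.
    Values near 0 mean metronomic check-ins; None if there is not enough data."""
    gaps = intervals(timestamps)
    if len(gaps) < 2:
        return None
    avg = mean(gaps)
    if avg == 0:
        return None
    return pstdev(gaps) / avg


def find_beacons(records, min_connections=5, max_cv=0.1):
    """Return (src, dst, mean_interval_s, cv) for pairs that connect at least
    `min_connections` times with gap variation at or below `max_cv`.
    Both thresholds are arbitrary example values, not tuned recommendations."""
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), ts in by_pair.items():
        if len(ts) < min_connections:
            continue
        cv = beacon_score(ts)
        if cv is not None and cv <= max_cv:
            hits.append((src, dst, round(mean(intervals(ts))), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for src, dst, period, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{period}s (cv={cv})")
```

Run as-is it reports only the 10.0.0.5 pair (about every 300 s, cv around 0.01); the news-site browsing has a cv above 1 and is ignored, and the mail pair is skipped for lack of data. Two caveats a practitioner would add before using anything like this: legitimate software (update checks, NTP, monitoring agents) also beacons, so a timing hit needs corroboration such as destination rarity or reputation, and implants that randomise their sleep interval push the cv up and will slip past a fixed threshold.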
Trend Micro Deep Discovery provides network-based real-time visibility, insight, and control to help large enterprises reduce the risk of an APT or other type of targeted attack. Trend Micro offers Deep Discovery Inspector and Deep Discovery Advisor and integrates them with Trend Micro’s Smart Protection Network to protect enterprises from targeted attacks.