Skip to main content

R.I.P. APTs, hello stealth attacks

While certainly not a tear-jerking eulogy, in its 2015 year-in-review security bulletin Kapersky Labs is proclaiming that the term Advanced Persistent Threat or APT – which was coined by the US Air Force in 2006 – is for all intents and purposes no longer among us.

Unfortunately however, this doesn’t mean that infosec professionals can uncork the champagne and celebrate a hard fought victory over one of the most insidious threats on the cyber crime landscape. That’s because the same bad guys that have been designing and deploying APTs for nearly a decade have merely - and predictably - adjusted their tactics.

Specifically, the bad guys have acknowledged that detection-based technology has become too good at identifying persistent threats. And so rather than throw in the proverbial towel and call it a day, they’ve re-allocated their resources and re-focused their attention on stealth.

Beware the Silent Cyber Threat Horde

As such, in the months and years ahead, organisations need to prepare themselves for an eerily quiet onslaught of attacks that are fundamentally designed to infect victims, steal data, and exit - and all without leaving a trace. Such campaigns will:

  • Use memory-resident and file-less malware that deftly avoids detection.
  • Repurpose off-the-shelf malware that, unlike rootkits, custom malware and bootkits, aren’t burned by security researchers when discovered.
  • Build custom attack vectors to exploit specific targets.
  • Cloak both bad guys and their intentions, since they’ll be lost in a huge pool of remote access trojans that are available for sale in the cyber underground.

At the same time, it’s critically important for organisations bear in mind that this tactical adjustment by bad actors is not a partial surrender. On the contrary, these quicker and quieter attacks are likely to be more costly, since compared to their APT predecessors, they’re simpler, easier and less expensive to launch – and yet still promise big pay days. As Kapersky Labs notes: “As the shine of cyber-capabilities wears off, return on investment will rule much of the decision-making of state-sponsored attackers – and nothing beats low initial investment for maximizing ROI.

Virtual Container Technology for Life After APTs

In light of the above, organisations need to find more effective ways to protect their systems, data and reputations in a world where the “A” and “P” of APTs won’t be as prevalent – but the “T” will definitely remain on the radar screen 24/7. And an increasing number of organisations are wisely and proactively adjusting to this new normal by using virtual container technology.

Deployed on endpoints - which are by far the largest attack zone surface area and thus typically an organisation’s most vulnerable vector – virtual containers isolate the entire application network (e.g. memory, files, registry, and network access) in a secure virtual environment. As such, stealth attacks cannot infect the endpoint and transfer to other systems and servers in the network. Furthermore, virtual container technology offers features that are uniquely optimised to fight a “stealth war”, including the ability to:

  • Designate specific files as confidential, so they cannot be seen within the virtual container.
  • Create network separation to prevent unauthorized access to trusted network resources.
  • Prevent user keystrokes from being recorded.

The Bottom Line

Bad actors are constantly adjusting their tactics, and the shift from multi-layered, multi-stage APTs to more stealth-based attacks just the latest example. In response, organisations must adjust their network security posture and profile -- and virtual containers are a big piece of this puzzle.

Otherwise, if they continue relying exclusively on detection-based technology, then organisations will inevitably find themselves in the worst possible position: fighting a modern war with antiquated weapons. And history is full of dreadful examples of how that story turns out.

Israel Levy is the CEO of endpoint security company BUFFERZONE (opens in new tab)

Image source: Shutterstock/Andrea Danti

Israel is the CEO of BUFFERZONE, an advanced endpoint security company. He has worked with the company since 2011 on the transition to the enterprise market. Previously, Israel was a partner at ATROG Business Development, serving as the founder and CEO of ControlGuard.