Advanced Persistent Threats (APTs) are unique in that they operate in an organization's blind spots, waiting patiently before acting on their objective or exfiltrating data and other assets over long periods of time. APTs are known for remaining undetected; evading defensive tools and security controls is a standard part of their tradecraft. Because of these stealthy, sophisticated tactics, IT and security teams must adopt a different approach to this specific type of risk, one that provides long-term and continuously adapting security to address shifting tactics and unusual network behavior. We call this approach Advanced Persistent Security (APS). It applies to dynamic environments that want stronger security regardless of which actor or group they are defending against. APS is continuously adaptive, dynamic and automated, countering APTs with the same qualities that let them thrive. To stop these attacks, defenses must operate the way the attackers do.
The risks APTs pose to business
Known examples of the dangers of APTs are numerous; a few illustrate the insidious nature of these groups and their effect on businesses around the globe. Bronze Starlight, an APT active since mid-2021, has been observed deploying short-lived ransomware families as a decoy for longer-term, more destructive intrusion campaigns. The group deploys ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora and LockBit 2.0 for a relatively short period, leading incident responders to conclude that the threat is gone once that ransomware family stops appearing, while the group's access persists.
Bronze Starlight is a good example of the constantly evolving nature of APTs and how they are used to establish a long-term presence on systems. The same was seen firsthand with the BRATA malware, which threw a curveball at security teams earlier this year when it was found to have added information-stealing capabilities, new phishing techniques and improved abilities to bypass permissions on devices. These updates resulted in the long-term infection of Android devices, highlighting how substantial and prolonged, if not permanent, the impact of these attacks can be. Security is as dynamic as an organization's IT and cloud environment and must adapt at the speed of DevOps. Advanced Persistent Security tactics could be instrumental in exposing these long-term threats in an organization's networks. APS helps companies select the security products that will accelerate their security processes and add automation for routine tasks. APS can also help integrate ML tools for data aggregation and pattern and anomaly detection, which can significantly strengthen an organization's security program when mitigating risk.
The Advanced Persistent Security (APS) Approach
APTs lurk and strike anywhere in systems and networks, so advanced persistent security (APS) means deploying defenses that are equally ever-present and persistent. Like APTs, an APS approach relies on purpose-built algorithms that run continuously in the background to learn an environment and detect shifts in machine or human behavior, nuances in network activity and performance, and nearly invisible indicators of deception. To do this, AI becomes an essential part of the defender's toolkit, arming security teams with deep learning capabilities to outwit capable attackers. Today's risk landscape demands strategy and experience as much as model training and evolving tool design.
Addressing today’s massive attack surface
As organizations shift infrastructure to the cloud to keep up with digital transformation, their security teams face rapidly expanding attack surfaces that seem to grow by the minute. According to a recent Trend Micro report, nearly half of IT and business leaders said that their attack surfaces are "spiraling out of control." Unfortunately, this means that APTs now have considerably more cover to hide in. The solution, however, is not traditional tooling and legacy processes. Security teams will be the first to tell you that an endless stream of alerts does more harm than good. Rather, implementing an APS strategy and more agile security tooling designed to fit within modern infrastructures will help defenses continuously evolve alongside cloud migration, new technologies and new environments.
Exposing the weak link – the need for automation to detect and mitigate
It is important to note that the common cybersecurity tools in use today have been effective in detecting and mitigating risk to a certain degree. The prevailing security stack, with layers of software protection and a unifying platform to manage these multiple data sources efficiently, is extremely important. But security teams are constantly bombarded with false alarms that pull focus away from serious threats and dull their sense of urgency; ultimately, it becomes difficult to tell which threats are serious and which are not. The missing piece is an APS strategy focused on continuously countering the tenacity of APT campaigns. APS relies on AI and machine learning, so these tools become considerably smarter as they learn the unique blueprint of an organization's attack surface and behavior, so that APTs do not slip through the cracks.
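The behavioural baselining this section describes, as an added illustration that is not code from the article or from any product it mentions: learn each host's normal outbound volume over a learning window, score later days against that baseline with a robust z-score, and alert only when the deviation persists across several days. The host names, the thresholds and the traffic sample are constructed assumptions for the example; a real deployment would feed it flow or proxy logs.

```python
"""Behavioural baselining with a persistence rule.

Added example for this article, not code from the article, from any vendor
or from a named product. Host names, thresholds and the traffic sample below
are constructed for the illustration.
"""
from collections import defaultdict
from statistics import median

BASELINE_DAYS = 14   # days used to learn "normal" per host (assumption)
Z_THRESHOLD = 3.0    # robust z-score above which a day counts as deviating
MIN_RUN = 5          # consecutive deviating days required before alerting


def make_sample():
    """Constructed per-host daily outbound byte counts for days 1..21.

    ws-03: normal, except one large one-off transfer on day 18 (a backup).
    ws-17: from day 15 on, a modest but sustained extra ~900 kB/day (low and slow).
    ws-22: normal throughout.
    """
    records = []
    for day in range(1, 22):
        ws03 = 2_000_000 + (day % 3) * 100_000 + (30_000_000 if day == 18 else 0)
        ws17 = 1_500_000 + (day % 4) * 50_000 + (900_000 if day >= 15 else 0)
        ws22 = 800_000 + (day % 5) * 20_000
        records += [(day, "ws-03", ws03), (day, "ws-17", ws17), (day, "ws-22", ws22)]
    return records


def build_baseline(records, baseline_days=BASELINE_DAYS):
    """Learn a robust centre and spread (median, scaled MAD) per host.

    Median/MAD rather than mean/stdev so a single outlier inside the learning
    window does not inflate the baseline and mask later deviations.
    """
    per_host = defaultdict(list)
    for day, host, nbytes in records:
        if day <= baseline_days:
            per_host[host].append(nbytes)
    baseline = {}
    for host, values in per_host.items():
        centre = median(values)
        mad = median(abs(v - centre) for v in values)
        scale = 1.4826 * mad          # MAD -> stdev-equivalent for normal data
        if scale == 0:                # constant history: fall back to 5% of centre
            scale = max(0.05 * centre, 1.0)
        baseline[host] = (centre, scale)
    return baseline


def robust_z(value, centre, scale):
    return (value - centre) / scale


def longest_run(days):
    """Length of the longest run of consecutive integers in a sorted list."""
    best = run = 0
    prev = None
    for d in days:
        run = run + 1 if prev is not None and d == prev + 1 else 1
        best = max(best, run)
        prev = d
    return best


def evaluate(records, baseline_days=BASELINE_DAYS,
             z_threshold=Z_THRESHOLD, min_run=MIN_RUN):
    """Score days after the learning window; alert only on sustained deviation.

    A single outlier day is reported but does not alert: that is the noise an
    analyst would otherwise have to triage. A run of min_run deviating days is
    the low-and-slow pattern that a per-day volume threshold tuned for spikes
    would never fire on, because each day's excess is modest.
    """
    baseline = build_baseline(records, baseline_days)
    deviating = defaultdict(list)
    for day, host, nbytes in sorted(records):
        if day <= baseline_days or host not in baseline:
            continue
        centre, scale = baseline[host]
        if robust_z(nbytes, centre, scale) > z_threshold:
            deviating[host].append(day)
    results = {}
    for host in baseline:
        days = sorted(deviating.get(host, []))
        run = longest_run(days)
        results[host] = {
            "deviating_days": days,
            "longest_run": run,
            "alert": run >= min_run,
        }
    return results


if __name__ == "__main__":
    for host, r in sorted(evaluate(make_sample()).items()):
        status = "ALERT sustained deviation" if r["alert"] else (
            "single-day outlier, no alert" if r["deviating_days"] else "normal")
        print(f"{host}: days={r['deviating_days']} run={r['longest_run']} -> {status}")
```

Run as written, ws-17 alerts (seven consecutive deviating days), ws-03's one-day backup is recorded as an outlier without alerting, and ws-22 stays quiet. The two knobs that matter in practice are the learning window (long enough to cover the environment's normal cycles, short enough that an already-compromised host is not learned as "normal") and the run length, which trades detection delay against alert volume.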
The weakest link within organizations is usually not what many assume: a lack of technology or ineffective technology. More often than not it is people, who end up exposing the networks they manage to advanced, capable attackers. This is why defending against APTs requires a combination of strategy and tooling.
With entire infrastructures and large volumes of sensitive data living in the cloud, securing them remains one of the most significant undertakings in both the public and private sectors. We need automated and accelerated cloud security capabilities so that security is not a bottleneck to business innovation. Smart APS is a necessary framework for defending against the most modern, pressing threats to cloud-based organizations. The time to implement the necessary measures is now, before you fall victim to an attack.