By Don Smith, Director of Technology, Dell SecureWorks
The Dell SecureWorks Counter Threat Unit (CTU) has observed cyber threats becoming more advanced as attackers seek new ways to breach information security or disrupt operations. Distributed Denial of Service (DDoS) attacks and Advanced Persistent Threats (APTs) are two of the biggest concerns. Organizations must evaluate and develop their IT security controls to protect themselves from these sophisticated and unpredictable cyber-attacks.
DDoS Attacks and DoS Attacks
In a Denial of Service (DoS) attack, attackers try to make a website, network or machine unavailable to its legitimate users. Sometimes that is the whole objective, but a Distributed Denial of Service (DDoS) attack, in which the traffic comes from many compromised machines at once, is often used as a distraction: while the business is focused on getting its website back up, the attackers carry out other activity behind the scenes. Attackers frequently run a short DDoS test against an organization to see whether it is susceptible. If they find they can take the targeted site down, they return later to launch a full-scale attack that could keep it down for days or weeks. DDoS attacks often coincide with other malicious activity. In the banking industry, for example, attackers may launch a DDoS attack against a bank; while the website is down and the IT team is working to restore it, the attackers are making unauthorized wire transfers from customer accounts into accounts they control overseas.
The CTU team has seen many DDoS attacks using DNS amplification. An attacker whose botnet is not large enough to launch an effective attack on its own has the bots send a relatively small amount of traffic, namely small DNS queries whose source address is forged to be the victim's, to open recursive DNS resolvers; each resolver then sends its much larger response to the victim, multiplying the attack traffic many times over. For the victim, such attacks can saturate network links very easily and cripple Web servers so they can't function. To combat DDoS attacks, an organization must understand how exposed it is to an attack and how well it can respond to thwart one. A Dell SecureWorks Denial-of-Service Preparedness Assessment will pinpoint how prepared an organization is to mitigate a DDoS attack.
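As an added example (this is not the article's own code; the packets, IP addresses and flow records in it are constructed for illustration), the following Python builds a minimal DNS query and a padded TXT response to show the byte-level amplification an open resolver provides, then runs a simple victim-side detector over constructed flow records to flag reflectors whose responses the victim never solicited:

```python
# Added example, not from the original Dell SecureWorks article: a byte-level
# model of DNS amplification and a simple victim-side detector. All packets,
# addresses and flow records below are constructed for illustration.
import struct
from collections import defaultdict

QTYPE_ANY = 255   # the classic amplification query: "give me every record"
QTYPE_TXT = 16


def build_dns_query(name, qtype=QTYPE_ANY, txid=0x1234):
    """Minimal RFC 1035 query: 12-byte header + QNAME + QTYPE + QCLASS(IN).
    On the wire a bot sends this over UDP with the source IP forged to be the
    victim; UDP has no handshake, so the resolver cannot tell the request is
    forged and delivers its (much larger) answer to the victim instead."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode()
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def build_dns_response(query, txt_records):
    """Answer the query with one TXT RR per string, as an open resolver would.
    Each RR names the owner with a compression pointer (0xC00C) back to the
    question name at offset 12. A real attacker also adds an EDNS0 OPT record
    so the resolver may exceed the classic 512-byte UDP limit; omitted here."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, len(txt_records), 0, 0)
    question = query[12:]
    answers = b""
    for txt in txt_records:
        data = txt.encode()
        assert len(data) <= 255, "a single TXT character-string is at most 255 bytes"
        rdata = bytes([len(data)]) + data
        answers += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, 1, 300, len(rdata)) + rdata
    return header + question + answers


def amplification_factor(query, response):
    """Bytes delivered to the victim per byte the bot had to send."""
    return len(response) / len(query)


# Constructed flow records as seen at the victim's border:
# (direction, peer_ip, peer_port, bytes). "out" = left our network, "in" = arrived.
# Peer addresses are RFC 5737 documentation ranges, not real hosts.
FLOWS = [
    ("out", "192.0.2.53",    53,   64),   # our resolver queries its upstream forwarder
    ("in",  "192.0.2.53",    53,  180),   # and gets a normal-sized answer back
    ("in",  "203.0.113.7",   53, 3200),   # large responses we never asked for
    ("in",  "203.0.113.7",   53, 3200),
    ("in",  "198.51.100.9",  53, 2900),   # another open resolver reflecting spoofed queries
    ("out", "198.51.100.9", 443,  900),   # unrelated HTTPS traffic to that host, not DNS
]


def unsolicited_dns_responses(flows, min_bytes=1000, ratio=10.0):
    """Flag peers that send us far more UDP/53 data than we ever sent them.
    A reflector's responses arrive with no matching outbound query, so a high
    in:out byte ratio per source is the tell-tale of a spoofed-source attack.
    Returns {peer_ip: (bytes_received, bytes_sent)}."""
    sent, received = defaultdict(int), defaultdict(int)
    for direction, ip, port, nbytes in flows:
        if port != 53:
            continue
        (sent if direction == "out" else received)[ip] += nbytes
    suspects = {}
    for ip, got in received.items():
        if got >= min_bytes and got > ratio * max(sent[ip], 1):
            suspects[ip] = (got, sent[ip])
    return suspects


if __name__ == "__main__":
    q = build_dns_query("example.com")
    r = build_dns_response(q, ["x" * 200] * 10)
    print(f"query {len(q)} bytes, response {len(r)} bytes, "
          f"factor {amplification_factor(q, r):.1f}x")
    for ip, (got, out) in unsolicited_dns_responses(FLOWS).items():
        print(f"suspect reflector {ip}: {got} bytes in, {out} bytes out")
```

The thresholds `min_bytes` and `ratio` are illustrative; in practice the same in:out comparison is run per source address over NetFlow or firewall logs, and ANY is only one of several query types that yield large responses. On the sending side the fix is ingress filtering of spoofed sources (BCP 38) and not running open recursive resolvers; the victim can only rate-limit and upstream-scrub.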
Advanced Persistent Threats (APTs)
An Advanced Persistent Threat (APT) refers to a group that persistently attacks a target in order to achieve an objective, which could be to obtain information or to hinder the target's activity. Organizations should determine how well protected they are from a persistent and dedicated attacker, or cyber threat actor, who wants something from them. Consider what attackers might want, such as intellectual property, commercial information, personal data and customer data, and consider the IT security controls needed to protect that data. APTs are a major threat to an organization's intellectual property, financial assets and reputation.
The picture below shows different types of Advanced Persistent Threat malware and the sectors they targeted. The icon (insect) size represents the number of unique organizations affected.
Fig.1 – Advanced Persistent Threat malware activity in various vertical sectors in Q4 2012
The CTU constantly monitors cyber threats and sees millions of information security events worldwide every day. Although attackers have become more sophisticated, there are several steps organizations can take to defend themselves, detect attacks and respond effectively. Tactics for preparing a security strategy include the following:
- Complete thorough staff training: educate the end user
- Regularly assess preparedness for cyber-attacks
- Look at what is “usual” security activity so it’s easier to spot “unusual” activity
- Create an incident response plan just in case the worst situation happens
It’s important to frequently reassess information security strategies in light of DDoS attacks and Advanced Persistent Threats (APTs) to build expertise and implement robust defense strategies. Contact an Information Security Consultant for a further discussion on Dell SecureWorks IT security services.