Mideast firms use threat intelligence to counter cyber-attacks
Dubai, August 21, 2014
Organisations across the Middle East are realising that advanced targeted attacks represent one of the biggest threats to their business, according to a new report.
Confidential corporate data, business-critical IP and valuable customer information are all potentially at risk from this new type of attack. Preventing exposure of these enterprise “crown jewels” has become a major priority for IT and business leaders, stated Trend Micro, a leading security software company.
One of the best ways of doing so is to build reliable threat intelligence to spot advanced threats early on and deal with them appropriately, it said.
A NEW TYPE OF THREAT
Typically, after thorough investigation into the targeted organisation, attackers will begin such threats with a simple phishing email, tricking an employee into clicking on a malicious link or downloading a malware-ridden attachment, the report said.
Once inside the corporate network, the attacker will move laterally, searching for the assets they wish to steal. All this is designed to happen quietly, under the radar, evading traditional security defences. Such attacks can lie hidden for weeks, months or even years, exfiltrating data and sending it out to the attackers all the while, it said.
Although designed to operate covertly, they do leave traces which some tools can detect. Registry changes, file changes, event log entries, service changes, and mutual exclusion objects (mutexes) are all tell-tale signs of a breach.
Monitoring inbound and outbound traffic, meanwhile, could yield indicators of compromise such as domains or IP addresses related to command & control (C&C) servers, or use of unusual ports and protocols on critical systems, stated the report.
Threat intelligence programs are therefore a vital tactic in spotting and blocking such attacks, helping to collect, correlate and pass along this key data to the relevant security teams, it said.
Such intelligence can cover not just the tools used by cyber criminals, but also their tactics and procedures – together known as TTPs.
Trend Micro has released a handy guide, “The Enterprise Fights Back (IV): Building Threat Intelligence”, the latest in its series of papers, offering a wealth of practical advice for organisations faced with the problem of combatting advanced targeted attacks, the company said.
This report outlines the importance of threat intelligence, highlighting some of the key indicators of compromise and listing real-world examples of how some past attack indicators can be used to identify new attacks, it said.
It also discusses the importance of setting up a threat intelligence group and appointing analysts to interpret log data, as well as leveraging additional intelligence sources such as those generated by Trend Micro’s APT-hunter tool, ‘Deep Discovery’.
This tool also allows organisations to access external, global threat intelligence like that from the Trend Micro Smart Protection Network, it said. – TradeArabia News Service