Cybersecurity pros against APT

APT hackers for rent


The increasingly professional hacking industry not only offers malware and tools for rent. Criminal experts also sell their own labor. Their expertise in Advanced Persistent Threats (APT) calls for a defense on an equal footing: Managed Detection and Response (MDR).

Cybercrime has become more organized in recent years and increasingly models itself on the business world. For almost a decade, Malware-as-a-Service has offered a quick entry into cybercrime, and a wide range of tools has been available on the illegal market: Remote Access Trojans (RAT), botnets for sending spam, and even sophisticated ransomware. Equipped in this way, criminals with little technical competence can now operate even complex malware. As in legitimate business, the proceeds are shared among the participants: for example, the developer receives 40 percent and the rest goes to the operators who carry out the attack.

Cybercriminals with division of labor

The existing ecosystem of services and malware has encouraged cybercriminals to push their division of labor to an industrial scale: developers write the code, product managers draft comprehensive roadmaps that take defensive countermeasures into account, and technical support assists users in their day-to-day business. The entire business model is financed by the victims. The actors then advertise on social media or under a forum alias, citing the financial results of past campaigns in order to recruit new partners.

Commercial malware-as-a-service has unfortunately proven its effectiveness. Analyses show that this commercialization is more durable and far-reaching than expected: developers and partners generate billions in revenue. For example, the authors of the GandCrab ransomware stated in underground forums in 2019 that they had extorted more than two billion US dollars from the companies they attacked.

From criminal malware to APT service provider

APT mercenary groups started offering their services two years ago. Their customers are actors in key positions who are interested in sophisticated attack methods and who may work with governments. These groups focus on IT systems in large parts of Europe and in Germany and use advanced tactics, techniques and procedures (TTPs) for espionage and the theft of sensitive information.

The previously unknown APT group RedCurl attacked several companies in the banking, insurance, law, construction, finance, consulting, retail and tourism sectors in 2018. According to the analysis by the IT security experts at Group-IB, the attackers used a powerful malware framework for data exfiltration. In the summer of 2020, Bitdefender disclosed the activities of another professional APT group whose business model was built on cyber espionage in the real estate industry. It used a malicious payload disguised as a plug-in for the popular 3D computer graphics software Autodesk 3ds Max. Professional testing of the code against defense solutions ensured that the malware was not detected when it was deployed.

Cybercrime on a new level

The expertise of the organizations behind such attacks takes cybercrime to a new level. APT tools for espionage are the products of experienced developer teams with highly specialized knowledge. They use toolkits tailored to the respective project and prevent the malware from spreading beyond the actual target. As a result, security vendors are less likely to obtain a sample of the malware and add detection for it. This presents the defense teams of small and medium-sized companies with major challenges. Conventional file-based malware detection overlooks, for example, polymorphic malware samples and so-called fileless malware. Living-off-the-land tactics that abuse Remote Desktop Protocol (RDP) or other legitimate tools are likewise difficult to identify. This makes it very difficult for small and medium-sized companies and organizations to react to these threats with the necessary speed.

Most organizations have basic technologies to protect against various types of malware. But once the highly developed tools of APT professionals have penetrated the company network, they can operate below the radar of the defenders and evade their measures, at least for a while.

Professionalizing the defense

Bogdan Botezatu, Head of Threat Analysis at Bitdefender

Endpoint security solutions alone cannot detect malicious behaviors and payloads across the entire attack chain. Technology alone is not enough to identify complex attacks that have been developed to a high standard by skilled adversaries. Defending against APT attackers requires the interaction of software and experts.

To uncover all the intentions and the full extent of an attack carried out by professionals, a human analyst must assess the events aggregated in an EDR (Endpoint Detection and Response) solution. A relevant incident is passed on to digital forensics specialists for analysis. Incident management contains the damage: it reduces the cost and time needed to restore the previous system state or data set and prevents reputational damage.

But the expertise required for such an analysis is rare and has its price, and it takes time to train a team of cyber risk specialists. In the face of highly determined attackers, many companies should therefore consider outside help in the form of managed detection and response offerings.

Managed detection and response

An externally operated MDR (Managed Detection and Response) service combines proven security technologies for endpoint detection, security analysis and investigation of network traffic with the competence and knowledge of highly qualified experts. Such an outsourced, additional IT security center supports companies that do not have access to advanced technologies (such as SIEM, Security Information and Event Management; TIP, Threat Intelligence Platform; and SOAR, Security Orchestration, Automation and Response) or do not have enough staff to fend off business-critical cyber threats around the clock. Additional expert support enables advanced security incident detection with rapid response using automated, pre-approved processes, so that external analysts can quickly take measures to mitigate and defend against threats.

MDR offerings also include active threat hunting and monitoring of the dark web, as well as forensics to investigate contextual, actionable threat indicators. The experts also analyze the human or employee risk factor. Threat models defined specifically for each customer enable a customized response to incidents, and business-critical or particularly exposed attack targets can be monitored in a targeted manner. The MDR provider's Security Operations Center (SOC) offers the experience of its experts and delivers reports according to the requirements of customers from various industries.

Restoring an equal footing

So it is not only the threat landscape that has changed, but also the organization, structures and, ultimately, the staffing of cybercriminals. Their role models are the division of labor and the business models of the legitimate economy. Attackers outsource technology and development. Malicious service providers position themselves with offers to attack companies of all sizes and in all sectors in order to profit from cybercrime. It is therefore time for the legitimate economy to reconsider its own collaboration processes: companies need access not only to defense technologies, but also to the competence and experience of external experts in order to stand up to the harmful actors. They buy what they need but cannot do themselves.

More on this at Bitdefender.com

About Bitdefender

Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently delivered excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender provides technology found in 38 percent of security solutions deployed around the world, and it is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de
