Want an APT Doorstop? Try Live Patching
APTs are highly sophisticated cyberattacks that are targeted at large or prominent organizations and carried out by well-resourced threat actors, such as nation-state-sponsored groups or criminal organizations.
Defending against APTs requires a multi-layered approach that includes typical cybersecurity measures, employee training, and threat intelligence. In this article, we will focus on the importance of live patching as a way to reduce the risk of APT attacks.
What Is an Advanced Persistent Threat (APT)?
Advanced persistent threats (APTs) are a type of cyberattack that’s distinguished by three key characteristics: it’s highly sophisticated, long term, and specifically targeted toward a particular organization or individual.
APTs are typically carried out by well-resourced threat actors, such as nation-state-sponsored groups, criminal organizations, or hacktivists.
Some of the most well-known APT groups include Fancy Bear, believed to be affiliated with the Russian government, and APT10, a Chinese hacking group that has targeted government agencies and technology firms.
APTs are among the most sophisticated and dangerous types of cyberattacks, and defending against them requires a multi-layered approach that includes a combination of technical controls, employee training, and threat intelligence.
Who Gets Targeted?
Mounting an APT isn’t an easy task, so this type of attack is usually aimed at large, significant targets. Think energy companies and utilities, aerospace, NGOs, and so on.
For example, the Russian hacking group Energetic Bear (also known as Dragonfly) targeted multiple energy companies in Europe and North America, gaining access to their networks and gathering intelligence.
Likewise, the Chinese hacking group APT10 targeted multiple aerospace companies in the United States and Europe, stealing sensitive data about military and commercial aircraft.
APTs have also been used to target NGOs for political or ideological reasons. For example, the Iranian hacking group Charming Kitten (also known as Phosphorus) targeted multiple NGOs in the United States, stealing sensitive data and conducting espionage.
Why APTs Are So Dangerous
It comes down to the effort put into it. Threat actors that deploy APT strategies have a goal in mind and will stop at little to achieve that goal. Here are a few characteristics of APTs that make these threats more dangerous than ordinary cyberattacks:
- Multiple attack vectors: APTs involve multiple attack vectors and techniques, including social engineering, malware, and zero-day vulnerabilities. This variety of techniques increases the chances of success because detection and defense are more difficult.
- Persistence: APTs are designed to remain undetected for an extended period, enabling extensive surveillance and intelligence gathering. Unlike most opportunistic and short-lived cyberattacks, APTs can be executed over months or even years.
- Specific objectives: APT attacks are highly targeted, and the attackers typically have a specific objective in mind. This could include stealing sensitive data or intellectual property, disrupting critical infrastructure, or carrying out espionage.
- Custom-built attacks: Attacks are often custom built for their intended target. The attackers may use sophisticated techniques such as spear-phishing or watering hole attacks to gain initial access to the target’s systems or network. Once inside, the attackers may use a variety of techniques to move laterally across the network and gather intelligence.
As you can see, it’s a determined effort. Cyberattacks that are broadcast in the hope of hitting something somewhere are one thing – but cyberattacks that are this advanced, targeted, and determined are a different level of danger.
Ways to Guard Against APTs
Preventing an advanced persistent threat (APT) attack can be a challenging task because these attacks are so sophisticated and persistent. However, there are several strategies that can be implemented to reduce the risk of an APT attack or minimize its impact if one occurs. Here are some strategies to consider:
- Determine the organization’s crucial assets. This enables you to invest in safeguarding the most appealing targets from various perspectives.
- Maintain updated security patches. Ensuring all software has the latest security updates minimizes the number of vulnerabilities available for APT attackers to exploit.
- Implement strong technical controls, such as intrusion detection and prevention systems, firewalls, antivirus and anti-malware software, as well as data loss prevention tools.
- Conduct regular vulnerability assessments and penetration testing. Regular vulnerability assessments and penetration testing will identify weaknesses in your network and applications.
- Monitor and manage network traffic by looking out for unusual behavior, backdoors, shared files, and suspicious users, and include endpoint devices in that monitoring.
- Develop an “allow list.” Defining the domains and applications permitted for network access helps to further reduce the APT attack surface.
- Provide ongoing security awareness training. Help employees and contractors understand the latest APT tactics and techniques and learn how to recognize and report suspicious activity.
You also need to implement an incident response plan that can help you mitigate an APT attack in progress and recover from the attack. Overall, only a multi-layered approach reduces the risk of falling victim to an APT attack and minimizes the impact if one occurs.
OK, But How Do You Get Patching Right?
Missing any single one of the above suggestions can increase your risk of falling victim to an APT attack. Some points are harder to consistently get right than others. Managing an allow list, for example, is ongoing but manageable work, and training is something you must do thoroughly once or twice – and then simply update on an ongoing basis.
Patching, however, is tough because it’s labor intensive and often causes disruption. Furthermore, there is a steady stream of new patches for new vulnerabilities – and with thousands of new vulnerabilities a month, patching can become overwhelming.
For these reasons, companies tend not to get patching right consistently, which means that APT actors have plenty of opportunities to mount and maintain an attack.
Consider Live Patching to Guard Against APT Attacks
The solution? Live patching helps organizations to patch consistently by reducing the disruption involved with patching. Companies that integrate live patching into their cybersecurity defenses can expect to offer much stiffer resistance to threat actors because one of the most common entry points – a vulnerable software component – is now closed.
So yes, it’s important to take all the usual cybersecurity measures to guard against advanced persistent threats, but your best efforts could be undermined by poor patching practices. Learn more about live patching here – and find out how TuxCare can help your organization live patch against APT threats.