Cyber-attacks are no longer simple smash-and-grab jobs driven by pre-programmed malware. They are controlled by highly skilled, creative and intelligent humans. Ongoing coordination allows a human attacker to progressively learn more about the target network, adapt to any defensive measures, and advance the attack over time.
But while attacks have made an evolutionary leap in complexity, security defences have not. Signatures are the bedrock of traditional security technology and are written to identify exploits, malicious URLs and known malware as they seek to penetrate and gain an initial foothold inside the organisation. Signatures can quickly identify and block known threats at scale. However, their weakness is that they are inherently reductive — they reduce a known threat to its simplest fingerprint in order to give a single yes-or-no answer within microseconds to avoid slowing the flow of application traffic. This reductive focus on immediate and simple answers has created an advantage for attackers who are willing to adapt.
However, it is the persistence of the ongoing attack that has truly turned the tables. Once an organisation’s outer defences are compromised, attackers can blend in with the network, progressively spy, and spread deeper, until they find high-value assets to steal or destroy. This process typically involves multiple compromised hosts, a variety of common tools and protocols that blend into the noise of everyday communications, and the theft and misuse of valid user credentials.
June - July 2020