He explained the three ways APTs typically enter an organisation's network. The first is spear phishing, an email spoofing fraud that targets a specific person in the organisation in order to gain unauthorised access to confidential data. The second is chains of trust, where attackers infiltrate the victim's network by first penetrating systems belonging to the victim's partners. The final method is watering holes, in which attackers exploit flaws in the web applications of legitimate websites that the target normally visits.
According to Nachreiner, defence in depth is the best protection against APTs, because those attacks use multiple attack vectors. "A firewall might miss watering hole attacks while signature-based antivirus solutions may miss zero-day malware... so the more security layers you have, there is a higher chance of catching advanced malware."
Organisations should also adopt virtual sandboxes to further protect themselves from zero-day malware, advised Nachreiner. According to Deakin University's research in June 2013, nearly 88 percent of malware was found to be morphing to evade signature-based antivirus solutions. By running new and questionable files in a virtual sandbox and observing their behaviour, organisations can identify whether a file contains malware and block it before it reaches the company's core network.
Another way of catching APTs is by having visibility into the network. Nachreiner said: "Today, we're drowning in lines of logs and oceans of data so it is difficult to differentiate security events from normal network traffic. A study from Ponemon found that it took 80 days on average for a malicious breach to be discovered and 123 days to be cleaned up." Security visibility tools will therefore not only help prevent APTs, but also quickly identify security incidents in the network for remediation.
Defending Against Today's Web Threats
Wana Tun, Sales Engineer of Sophos NSG Asia, took to the stage to talk about "Managing Security in a Hybrid World."
Citing findings from SophosLabs, Sophos' global network of threat analysis centres, Tun affirmed that the web is still the number one source of malware. In 2013 alone, SophosLabs found that tens of millions of users every week saw browser warnings, which are triggered when a site is deemed unsafe, he said.
Wana Tun, Sales Engineer, Sophos NSG Asia
Gone are the days when you had to install a fake software update in order to be infected. Today, by simply visiting or "driving by" an infected web page, the PC or device used to browse that website automatically downloads the malicious code in the background. The drive-by download then exploits vulnerabilities in the browser or operating system. Tun pointed out that these downloads are usually planted on sites assumed to be safe, such as blogs, online marketplaces and corporate sites.