Web Security for Advanced Malware and Persistent Threats – Revisited

Posted by Lastline on May 22, 2018

In 2014, Lastline published a blog post titled “Web Security for Advanced Malware and Persistent Threats”. Four years later it remains a very popular post—describing how Lastline complements Secure Web Gateways (SWGs) to dramatically bolster web security—particularly against Advanced Persistent Threats (APTs).

A lot has changed since 2014. Complementing SWGs with enhanced protection is of course still necessary — even more so today than four years ago. What has changed is that the threat exposure has continued to increase. APTs are more common and dangerous than ever, and understanding how these threats have grown in complexity and sophistication is critical for those tasked with keeping their networks safe.

Advanced Persistent Threats Defined

An APT is a prolonged, stealthy attack, usually although not always against a specific target such as an individual, organization, agency, or business. Some APTs continue for months or even years, and given the needed resources and patience, they are typically orchestrated by nation-states or other large, well-funded organizations. APTs almost always include advanced malware, and frequently aim to infiltrate an entire network, as opposed to one specific component.

Like any breach, the consequences of a successful APT are vast, including:

Intellectual property theft

Compromised employee and customer data

Sabotaging of critical data and infrastructures

Total site takeover

Advanced Malware — Part of Every APT and Becoming More Dangerous

Advanced malware is an important component in any APT campaign. The “advanced” portion of the APT term refers not only to the advanced processes and methods used in the overall attack, but also to the sophistication of the malware that is used.

We’ve seen the level of complexity and innovation in advanced malware increase dramatically during recent years. Today’s sophisticated malware is more available, more dangerous, and harder to detect than ever before.

Here are a few areas where advanced malware has significantly evolved:

Evasion capabilities: Evasive malware is shifting from a seldom-used, sophisticated weapon in the hands of a few to a widely proliferated, popular tool used by many attackers in many ways. The barriers to entry for building and disseminating evasive malware have dramatically lessened. See Evasive Malware’s Gone Mainstream to learn more.

Improved persistence: A number of new techniques have emerged to increase malware’s ability to persist. We’ve seen several new and clever approaches that hide malicious modules in PowerShell scripts, as well as improvements in encryption, compression, and obfuscation, to name just a few.

Browser-based malware: During the past year or so, we’ve seen a sharp increase in web threats that are specifically designed to leverage browser-based vulnerabilities. This increase in popularity is not only because browsers are strategically desirable as hacking targets, but because browser-based web threats are difficult to detect.

Drive-by downloads: Several new techniques for infecting webpages with malicious code have emerged in the last few years. Infections range from malicious JavaScript code to iFrames, links, redirects, malvertisements, cross-site scripting, and other malicious elements. See Drive-By Downloads and How to Prevent Them for more information.

Exploit kits-as-a-service: Advanced malware has recently found its way into exploit kits. These attacks in a box don’t require much technical expertise and are relatively inexpensive to use. Current services include malware that is very hard to detect and will exploit a wide range of website vulnerabilities.

Web Security — Staying Protected from APTs

It might be tempting for many web security professionals to assume that their organization’s data is not of sufficient value to attract an entity that would carry out an APT. But government agencies and defense contractors are not the only primary targets of APTs. Private enterprises and corporations, even small ones, are just as likely, or even more likely, to be targeted by cybercriminals. Often, it’s the smaller companies that supply and manage critical operations, and it’s a lot easier to attack a smaller company with limited security resources than to breach the Pentagon or the Department of Energy.

Every organization must continually and thoroughly evaluate its web security needs and, where prudent, augment its SWGs with appropriate tools to protect against the advanced malware that fuels today’s APTs.

Our earlier post on this topic, Web Security for Advanced Malware and Persistent Threats, describes how Lastline’s products help companies detect and defend against APTs. While cyberattacks certainly have increased in sophistication since we published that post, so has our technology. Independent studies continue to find Lastline’s malware detection technology superior to other products. For example, in the 2017 NSS Labs Breach Detection Systems group test, Lastline achieved the highest score in all three areas that resulted in our product receiving a 100% Security Effectiveness score—breach detection accuracy, reliability, and resistance to evasion.