More Dangerous and Exploding than Any Other Cyberattacks
This article was written based on an interview with Han Seung-cheol, CEO of NPCore, an AI-based new variant malware (APT) response solution provider in Korea. -- Ed.
Before Russia invaded Ukraine, Chinese hackers conducted cyberattacks against 600 places, including major facilities and institutions, in Ukraine. In accelerating digitalization, cyberattacks are expected to intensify and expand. As digitization progresses, it is perhaps natural to try to take the lead after neutralizing and disrupting the digitized system with cyberattacks. Unfortunately, many organizations still view their cybersecurity investments as a waste of money. Cyberattacks can cause colossal damage.
APT stands for Advanced Persistent Threat. It is an attack that creates a variety of security threats and continuously and intelligently attacks a specific organization or network of any particular company. For example, it is possible to attack the computers of internal employees of any organization and access the internal server or database through the computer to extract critical information or even physically destroy it.
Servers, networks, and endpoints such as desktops and laptops that we use daily are vulnerable, but in the end, the most vulnerable in cybersecurity is the 'person' who uses these systems. Manipulating the human mind becomes an important tool, which is called ‘social engineering.’
Let's say you find a fancy USB stick from a famous brand on your office desk. You just needed a nice USB, so you picked it up and used it. The moment you plug it into a laptop or desktop computer without knowing the USB stick was infected with malware, your endpoint gets infected with malware. This is an example of a social engineering technique.
Social engineering is a technique that uses the human mind to exploit a person's psychological weakness to obtain personal information or break through a heavily protected system. It uses the psychology of people who want to use a USB that looks like it doesn't have an owner.
It is an excellent example that malware can take over a system through a human even if various cybersecurity devices and programs protect it. The harmful effects of advanced persistent attacks caused by malware infiltrating the system are enormous. The Stuxnet virus is the epitome of an advanced persistent attack (APT). They had specific targets and had the ability to destroy physical infrastructure. The Internet was not required for infection. After taking over the system via USB using social engineering, they paralyzed about 1,000 centrifuges at an Iranian nuclear facility. APT attacks are continuously increasing worldwide.
APT attacks are more dangerous and exploding than any other cyberattacks. It is designed to be more complex than a typical web application. Instead of attacking and shutting down once, it stays on the system when the network is breached and extracts as much necessary information as possible. Also, in most cases, the entire system is targeted for attack. Although major national and military facilities are often targeted, they also cause significant damage to individuals. These APT attacks target intellectual property rights, personally identifiable information, confidential data, infrastructure data, system access rights, and confidential internal communications. It is essential to prepare for this, and it is expected to become a pivotal point in cybersecurity in the future.
The minimum measure for prevention is to have cybersecurity programs and equipment specialized for APT attacks. In addition, thorough traffic monitoring is required. This is because, through comprehensive traffic monitoring, backdoor setup can be prevented in advance, the extraction of stolen data can be stopped, and suspicious users can be identified.
White listing is a way to control which domains and applications can be accessed on a network. White listing reduces the APT success rate by minimizing the number of attack surfaces. For white listing to work correctly, you need to select carefully the domains and applications your team uses and ensure that you run the latest versions of all applications.
A zero trust security policy is also essential. By limiting each account's level of access, users are given access only to the resources they need to do their job. Two-factor authentication (2FA) and keeping up-to-date with security patches are also a big help.
No matter how well a security system is built, in the end, continuous security education for employees is crucial. Social engineering training and active use of email filtering can minimize the damage caused by advanced persistent attacks.