The Evolution of Advanced Persistent Threats

The Evolution of ADVANCED PERSISTENT THREATS
Bringing APT Out From The Shadows

NEARLY 88% OF TODAY'S MALWARE can morph to avoid detection by signature-based antivirus solutions.*

WHAT IS AN ADVANCED PERSISTENT THREAT?

Advanced: An unknown, zero day attack that has malware payloads and uses kernel rootkits and evasion-detection technologies.
Persistent: It doesn't stop. It keeps phishing, plugging and probing until it finds a way in to serve malware.
Targeted: An individual organization, nation state or even specific technology is the focus. Infiltration is not accidental.

EVOLUTION OF APT

APT no longer targets huge corporations and nation-states. Now all companies are vulnerable, regardless of size.

January 2010: Operation Aurora. Target: Google. Result: Stole source code
June 2010: Stuxnet. Target: Iran. Result: Affected nuclear-plant operations
March 2011: RSA/Lockheed. Target: RSA and Lockheed Martin. Result: Stole SecurIDs
September 2011: Duqu. Target: Iran, Sudan, Syria, and Cuba. Result: Stole digital certifications
May 2012: Flame. Target: Countries in Middle East. Result: Data gathering and exfiltration
January 2013: New York Times. Target: NY Times. Result: Stole data, corporate passwords
October 2013: Adobe Breach. Target: Adobe. Result: Stole customer information and data
December 2013: Target Breach. Target: Target. Result: Stole customer credit card data

EXAMPLES OF APT ATTACKS

The Combination of Attack Elements Are Complex and Evolving Every Day

Zero-day network exploit + Stolen or fraudulent digital signatures + OS privilege escalation = APT
Spear phishing + Kernel rootkit + Custom malware = APT
Watering hole attack + Encrypted data + Target's intellectual property (IP) = APT

WHAT CAN CATCH APTS AND WHAT CANNOT

Cannot Catch: Standalone antivirus, application control, antispam, legacy firewalls, IPS
Can Catch: Layered defense, log analytics and visibility tools, signature-less detection technologies (next-generation sandboxing, virtual execution, real-time reputation)

WATCHGUARD APT BLOCKER

Real-time Threat Visibility and Protection in Minutes, Not Hours. WatchGuard APT Blocker - Available Today On WatchGuard's Unified Threat Management Platforms. www.WatchGuard.com/APTBIlocker

© 2014 WatchGuard Technologies. All rights reserved.

*Malwise-An Effective and Efficient Classification System for Packed and Polymorphic Malware, Deakin University, Victoria, June 2013

shared by WatchGuard on Apr 08
Think APT targets are exclusively governments, nation states and large enterprises? Not any more. Check out WatchGuard's new infographic.