APT- Zero Day Malware
Advanced Persistent Threat (APT) APT is a set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity. APT usually targets organizations and or nations for business or political motives. APT processes require high degree of covertness over a long period of time. As the name implies, APT consists of three major components/processes: advanced, persistent, and threat. The advanced process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The persistent process suggests that an external command and control is continuously monitoring and extracting data off a specific target. The threat process indicates human involvement in orchestrating the attack.
APT usually refers to a group, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information,but applies equally to other threats such as that of traditional espionage or attack.Other recognized attack vectors include infected media, supply chain compromise, and social engineering. Individuals, such as an individual hacker, are not usually referred to as an APT as they rarely have the resources to be both advanced and persistent even if they are intent on gaining access to, or attacking, a specific target.
The Middle East saw a significant rise in APT targeted attacked towards large enterprises to cause significant impact - Saudi Aramco, RASGAS, RAKBANK, NTA UAE, UAE Central Bank and Abu Dhabi Exchange to name a few. DTS is at the forefront of providing advanced APT security solutions and has been working with some of these clients post-incident to develop security operations centers and build a security monitoring framework.
Advance Persistent Threat Life Cycle
Actors behind advanced persistent threats create a growing and changing risk to organizations' financial assets, intellectual property, and reputationby following a continuous process:
- Target specific organizations for a singular objective
- Attempt to gain a foothold in the environment, common tactics include spear phishing emails.
- Use the compromised systems as access into the target network
- Deploy additional tools that help fulfill the attack objective
- Cover tracks to maintain access for future initiatives
Research into the APT life cycle illustrate some attacks using APT methodology that infected endpoints and were resident within the enterprise over 8 years;
- Initial compromise — performed by use of social engineering and spear phishing, over email, using zero-day viruses. Another popular infection method was planting malware on a website that the victim employees will be likely to visit.
- Establish Foothold — plant remote administration software in victim's network, create network backdoors and tunnels allowing stealth access to its infrastructure.
- Escalate Privileges — use exploits and password cracking to acquire administrator privileges over victim's computer and possibly expand it to Windows domain administrator accounts.
- Internal Reconnaissance — collect information on surrounding infrastructure, trust relationships, Windows domain structure.
- Move Laterally — expand control to other workstations, servers and infrastructure elements and perform data harvesting on them.
- Maintain Presence — ensure continued control over access channels and credentials acquired in previous steps.
- Complete Mission — exfiltrate stolen data from victim's network.
A universal detection method for advanced malware across various applications.
High-Resolution Security Analysis
Web, Email, Content and Mobile Apps
DTS Solution works with Lastline to provide the most comprehensive Zero Day Malware detection systems. Lastline’s full-system emulation functionality dissects not only APTs, but malware crafted to evade detection by traditional sandboxes used by first-generation APT security vendors.
Global Threat Intelligence
Be aware of the latest advanced threatsDTS Solution preferred vendor of choice for Zero Day Malware detection Lastline has the ability to crawl the web utilizing emulated browsers, machine learning, information on objects analyzed and big data analytics to build a knowledge base of malicious objects, bad IP addresses and active command-and-control systems.
Increase your coverage without increasing your costs
Distributed Architecture That Scales
Throughout your entire network
Flexible architecture allows for easy scalability as your architectural, operational and business needs change. We offer organizations the ability to deploy on commodity hardware or in virtual environments on a per-user basis, so go ahead, deploy as much as you'd like. Expensive proprietary hardware is a thing of the past.
Stop filtering through alerts. Start blocking threats
Actionable Threat Intelligence
More signal, less noise
When a threat is serious, you will know. Lastline makes it easy for you to identify critical APTs targeting your network. Network activity is correlated with information resulting from the execution of software artifacts, providing an incident-centric view of infections. The ability to link together the various steps involved in the compromise of an internal endpoint supports root-cause analysis and more effective remediation.
Ensure end-to-end interoperability
Integrate With Traditional Security Systems
And complement other defense countermeasures
Lastline's unrivaled API capabilities allow you to easily integrate our software solution with existing security infrastructures to add malware analysis and better protect against advanced cyber threats. Use your own sensors or existing technologies — SWGs (Secure Web Gateways), IPSs (Intrusion Protection System), NGFWs (Next-Generation Firewalls) and SIEM (Security Information Event Management) installations can all interoperate seamlessly with Lastline Enterprise.
On-Premise Deployment
Deploy in your private cloud or ours...
Lastline Enterprise was designed with flexibility in mind. If your Enterprise is restricted by strict privacy laws and policies, deploy on-premise, and install components in your data center. Network behavior models associated with malware will be regularly downloaded from Lastline. Or choose the hosted deployment model and Lastline will manage the backend infrastructure for you.