How to Detect Advanced Threats

How can you detect Advanced Threats and why do you need to? Let's start by defining Advanced Threats: Advanced Threats are threats that are targeted towards specific individuals and organizations in order to obtain data that the attacker usually seeks for commercial exploitation. Once the malware is installed, it can remain undetected, exfiltrating confidential data without the victimized organization even being aware of its existence.

The high-profile data breaches at Anthem, Sony, Target, and Home Depot are direct results from Advanced Threats. Target's breach originated from a contractor falling for a carefully crafted email spear phishing attack sent to the company. The attackers were able to get hold of credentials to Target's billing system and from there, gain access to Target's point-of-sale devices to steal data from 40 million credit cards. In the Home Depot breach, hackers used custom-made malware that was able to remain undetected for months and exposed data of 56 million credit and debit cards. More recently, both Sony and Anthem were also compromised by similar attacks.

Why are Advanced Threats Difficult to Detect?

Advanced Threats try to circumvent detection by limiting the outbreak to specifically identified targets, therefore eluding anti-malware defenses. Anti-malware vendors utilize sandboxing techniques and heuristic filters in order to detect threats that are as yet unknown but which show signs of malware behavior. These techniques have varying degrees of success. Unfortunately, advanced hackers can create threats that stay under the 'malware radar', such as lying in wait before executing their payload or by utilizing otherwise harmless files or processes.

Using Multiple Layers to Detect Advanced Threats

Since each anti-malware vendor has its own proprietary sandboxing and heuristic analysis techniques, it is much more difficult for Advanced Threats to avoid detection if an organization deploys several different anti-malware engines. By utilizing multiple layers of defense and using a solution such as OPSWAT's Advanced Threat Detection technology to scan files with multiple antivirus engines, many advanced threats can be detected, and a company's exposure greatly diminished.

Using Data Sanitization to Prevent Advanced Threats

Advanced Threats can be embedded into innocuous looking files, such as PDF or Word files. If these files are sanitized before they can be opened, any threats that are contained within them can be defused before they do any damage. Files can be sanitized, and any possible threats removed by changing the file to a different format, for instance by changing a Word document to a PDF file or vice versa. By implementing data sanitization with a product such as Metascan®, many advanced threats can be prevented. For further information on preventing advanced threats, read our top ten tips to avoid data breaches.

Sign up for Blog updates
Get information and insight from the leaders in advanced threat prevention.