Assess and evaluate your security strategy: lessons from the Dell SecureWorks Counter Threat Unit


The Dell SecureWorks Counter Threat Unit (CTU) has observed threats becoming more advanced as hackers seek new ways to breach security or disrupt operations. Distributed Denial of Service (DDoS) attacks and Advanced Persistent Threats (APT) are still a big concern in the security threat landscape and the attacks are getting more complex. Organisations must evaluate and develop their security controls to protect against these sophisticated and unpredictable cyber-attacks.

In recent months, the CTU has spotted a number of changes in the hackers’ approach; DDoS and APTs are two good examples.

DDoS

In a Denial of Service attack hackers are trying to disrupt a website, network or machine. The goal may be as simple as that, but we have also observed DDoS attacks being used as a distraction technique whilst other attacks occur. A typical approach is for hackers to perform a test to find a suitable target; if the test is successful, they then organise themselves to return and launch a full-scale DDoS attack. One recent example was an attack which coincided with unauthorised wire transfers, where some of the fraud attempts ran into millions of dollars.

The CTU team has seen many DDoS attacks using DNS amplification techniques; at a basic level, this type of attack turns a small volume of data from the attacker into a large volume of data aimed at the victim. Such attacks can saturate networks very easily and cripple web servers so they simply can’t function. Understanding your exposure and your response strategy is of critical importance: assessing both will pinpoint how prepared a business is for mitigating a DDoS attack.
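As an added example (not from the article or from SecureWorks), a resolver-side check for the amplification pattern just described: it reads constructed query-log lines and flags clients whose responses are many times larger than their requests, which is what an abused reflector sees when the "client" address is really the spoofed victim. The log field layout and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed resolver query log (not real data). Fields:
#   ts client qtype qname req_bytes resp_bytes
# 203.0.113.5 plays the spoofed victim address: repeated ANY queries
# whose answers are far larger than the questions.
SAMPLE_LOG = """\
1700000000 192.0.2.10 A www.example.com 45 61
1700000001 192.0.2.10 AAAA www.example.com 45 73
1700000001 203.0.113.5 ANY example.net 38 3152
1700000001 203.0.113.5 ANY example.net 38 3152
1700000002 203.0.113.5 ANY example.net 38 3152
1700000002 203.0.113.5 ANY example.net 38 3152
1700000002 203.0.113.5 ANY example.net 38 3152
1700000003 198.51.100.7 TXT example.org 42 490
"""


def parse(log: str) -> list[dict]:
    """Turn the space-separated log into per-query records."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname, req, resp = line.split()
        records.append({"ts": int(ts), "client": client, "qtype": qtype,
                        "qname": qname, "req": int(req), "resp": int(resp)})
    return records


def client_factors(records: list[dict]) -> dict[str, tuple[int, float]]:
    """Per client: (query count, total response bytes / total request bytes).
    This is the 'usual' baseline: normal lookups sit near a factor of 1-2."""
    req, resp, count = defaultdict(int), defaultdict(int), defaultdict(int)
    for r in records:
        req[r["client"]] += r["req"]
        resp[r["client"]] += r["resp"]
        count[r["client"]] += 1
    return {c: (count[c], round(resp[c] / req[c], 1)) for c in count}


def amplification_report(records: list[dict], min_factor: float = 10.0,
                         min_queries: int = 5) -> dict[str, tuple[int, float]]:
    """Flag clients whose amplification factor AND query volume both exceed
    thresholds; a single large TXT answer alone is not treated as abuse."""
    return {c: v for c, v in client_factors(records).items()
            if v[1] >= min_factor and v[0] >= min_queries}


if __name__ == "__main__":
    for client, (n, factor) in amplification_report(parse(SAMPLE_LOG)).items():
        print(f"possible reflection abuse: {client} queries={n} factor={factor}x")
```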

APTs

APT: Advanced, Persistent, Threat. Not a ‘what’ and a ‘how’, but a ‘who’ and a ‘why’. Consider how well protected you are from a persistent and dedicated attacker, or threat actor, who wants something from your business. Consider what they might want (intellectual property, commercial information, personal data) and consider the security controls which protect such data. APTs are a big threat to an organisation’s intellectual property, financial assets and reputation. The CTU has observed different vertical sectors suffering varying levels of attack. Last year the top three targeted verticals were Manufacturing (17%), Financial Services (16%), and Industry Service Providers (15%).

The picture below shows the different types of APT malware and which sectors they targeted. The icon (insect) size represents the number of unique organisations affected.

The team at the CTU are constantly monitoring threats and see millions of security events worldwide every day. Unfortunately, we’ve seen that the attackers are becoming more sophisticated. But, the good news is that there are several steps an organisation can take to defend itself, detect attacks and respond fully. Tactics for preparing a security strategy include:

– Complete thorough staff training: educate the end user
– Regularly assess preparedness for attacks
– Look at what is ‘usual’ security activity so it’s easier to spot ‘unusual’ activity
– Create a response plan just in case the worst does happen

It’s important to frequently reassess security strategies in light of DDoS and APTs to build expertise and implement robust defence strategies. If you would like more information please visit www.secureworks.com

About the Author: Don Smith
