Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs)
By Codenomicon

The security landscape is changing: governments, critical infrastructure providers and defence organisations increasingly rely on the Internet to perform mission-critical operations. At the same time, cyber attacks have become more professional, with attackers investing more time and money into creating detection evasion techniques and developing sophisticated, targeted attacks exploiting zero-day vulnerabilities.
Zero-day exploits are the biggest threat to security, because there are no defences against them and the attacks can go unnoticed. Most organisations are not even prepared against popular untargeted malware, not to mention advanced persistent threats (APTs). They rely largely on signature-based security solutions, which only defend against known threats and require continuous rule updates just to keep pace with attacks that are already known.
In this paper, we take a two-fold approach to securing networks against APTs. Firstly, we discuss using fuzzing, a robustness testing technique, to discover exploitable zero-day vulnerabilities proactively. Secondly, we present a botnet-inspired system which enables organisations to expand their knowledge of Internet abuse without straining their security resources by better utilising security information already provided by the security community.
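The fuzzing approach mentioned above, as an added, self-contained example that is not Codenomicon's code or tooling: a mutation-based fuzzer run against a constructed toy length-prefixed record parser. The wire format, both parsers and the seed corpus are assumptions made for illustration. The point is the classification the loop applies: a controlled rejection (`ValueError`) is acceptable behaviour, whereas any other exception escaping the parser is a robustness failure that would be worth triaging before an attacker finds it.

```python
import random
import struct

# Constructed toy wire format (not from the paper):
#   1 byte version | 1 byte name length | name | 2 bytes big-endian payload length | payload


def build_record(version: int, name: bytes, payload: bytes) -> bytes:
    return bytes([version, len(name)]) + name + struct.pack(">H", len(payload)) + payload


def parse_record_buggy(data: bytes) -> dict:
    """Parser that trusts its input: indexes and unpacks without checking lengths."""
    version = data[0]                      # IndexError on empty input
    name_len = data[1]
    off = 2 + name_len
    payload_len = struct.unpack(">H", data[off:off + 2])[0]   # struct.error on short input
    return {"version": version, "name": data[2:off],
            "payload": data[off + 2:off + 2 + payload_len]}


def parse_record_hardened(data: bytes) -> dict:
    """Same format, but every declared length is checked before it is used;
    malformed input is rejected with ValueError, never an unhandled exception."""
    if len(data) < 2:
        raise ValueError("header truncated")
    version, name_len = data[0], data[1]
    off = 2
    if len(data) < off + name_len + 2:
        raise ValueError("name or payload length field truncated")
    name = data[off:off + name_len]
    off += name_len
    payload_len = struct.unpack(">H", data[off:off + 2])[0]
    off += 2
    if len(data) != off + payload_len:
        raise ValueError("payload length does not match data")
    return {"version": version, "name": name, "payload": data[off:]}


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: bit flip, boundary byte, truncation, insertion or append."""
    buf = bytearray(data)
    op = rng.randrange(5)
    if op == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
    elif op == 2:
        del buf[rng.randrange(len(buf) + 1):]
    elif op == 3:
        i = rng.randrange(len(buf) + 1)
        buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    else:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 64)))
    return bytes(buf)


# Constructed seed corpus of valid records; mutations start from these.
SEED_CORPUS = [
    build_record(1, b"login", b"user=alice"),
    build_record(1, b"ping", b""),
    build_record(2, b"upload", b"\x00" * 40),
]


def fuzz(parser, seeds=SEED_CORPUS, iterations=500, seed=1):
    """Mutation-based fuzzing loop. ValueError is a controlled rejection and therefore
    fine; any other exception is a robustness failure and is recorded with its input."""
    rng = random.Random(seed)          # fixed seed so a run is reproducible
    failures = []
    for _ in range(iterations):
        case = rng.choice(seeds)
        for _ in range(rng.randrange(1, 4)):
            case = mutate(rng, case)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:       # a fuzzer wants to see every other failure
            failures.append((case, type(exc).__name__))
    return failures


if __name__ == "__main__":
    for label, parser in [("buggy", parse_record_buggy), ("hardened", parse_record_hardened)]:
        found = fuzz(parser)
        kinds = sorted({kind for _, kind in found})
        print(f"{label}: {len(found)} robustness failures {kinds}")
```

Running the loop against the trusting parser surfaces `IndexError` and `struct.error` within a few hundred cases; the hardened parser rejects the same inputs with `ValueError` only. Each recorded failure carries the exact input bytes, which is what turns a fuzzing finding into a reproducible bug report.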
By collecting security information from public and private feeds and automatically generating actionable abuse reports, organisations can adopt cost-effective processes for detecting malicious activity and mitigating incidents. It is equally important to ensure the security and robustness of critical networks and services and to develop capabilities for detecting attacks at the earliest possible moment. By implementing fuzzing into your software development and procurement processes and having good abuse situation awareness, you can prepare your networks against APTs.
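The feed-collection and abuse-report generation described above, as an added example that is not the system the paper presents: two constructed feeds in different formats and vocabularies are normalised, de-duplicated per IP, routed to the contact responsible for each network, and rendered as a plain-text report. The prefixes, contacts, feed entries and category mapping are all constructed for illustration (documentation address ranges only).

```python
import csv
import io
import ipaddress
import json
from collections import defaultdict

# Constructed: the networks this organisation is responsible for, keyed by prefix,
# with the contact that should receive the abuse report.
CONSTITUENCY = {
    "192.0.2.0/24": "ops-team@example.org",
    "198.51.100.0/24": "abuse@example.net",
}

# Constructed feeds: a CSV blocklist and a JSON feed that use different field
# names and category labels, plus one junk entry to show error handling.
FEED_CSV = """ip,category,reported
192.0.2.17,botnet-c2,2012-08-20
192.0.2.17,botnet-c2,2012-08-21
203.0.113.5,phishing,2012-08-20
198.51.100.9,malware-host,2012-08-19
"""
FEED_JSON = """[
  {"indicator": "192.0.2.17", "type": "c2", "seen": "2012-08-22"},
  {"indicator": "198.51.100.40", "type": "scanner", "seen": "2012-08-22"},
  {"indicator": "not-an-ip", "type": "c2", "seen": "2012-08-22"}
]"""

# Map each feed's own labels onto one shared vocabulary (constructed).
CATEGORY_MAP = {"botnet-c2": "c2", "c2": "c2", "phishing": "phishing",
                "malware-host": "malware", "scanner": "scanning"}


def normalise(ip_text, category, seen, source):
    """Return one (ip, category, seen, source) tuple, or None if the IP is invalid."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None  # feeds contain junk; drop it rather than abort the whole run
    return (ip, CATEGORY_MAP.get(category, "other"), seen, source)


def parse_csv_feed(text, source):
    rows = csv.DictReader(io.StringIO(text))
    obs = (normalise(r["ip"], r["category"], r["reported"], source) for r in rows)
    return [o for o in obs if o is not None]


def parse_json_feed(text, source):
    obs = (normalise(r["indicator"], r["type"], r["seen"], source) for r in json.loads(text))
    return [o for o in obs if o is not None]


def route(ip, constituency):
    """Find the contact responsible for ip, or None if it lies outside our networks."""
    for prefix, contact in constituency.items():
        if ip in ipaddress.ip_network(prefix):
            return contact
    return None


def build_abuse_reports(observations, constituency):
    """Aggregate observations per IP, then group them by responsible contact."""
    per_ip = {}
    for ip, category, seen, source in observations:
        entry = per_ip.setdefault(str(ip), {"hits": 0, "categories": set(), "sources": set(),
                                            "first_seen": seen, "last_seen": seen})
        entry["hits"] += 1
        entry["categories"].add(category)
        entry["sources"].add(source)
        entry["first_seen"] = min(entry["first_seen"], seen)   # ISO dates sort lexically
        entry["last_seen"] = max(entry["last_seen"], seen)
    reports = defaultdict(dict)
    for ip_text, entry in per_ip.items():
        contact = route(ipaddress.ip_address(ip_text), constituency) or "unrouted"
        entry["categories"] = sorted(entry["categories"])
        entry["sources"] = sorted(entry["sources"])
        reports[contact][ip_text] = entry
    return dict(reports)


def render_report(contact, entries):
    """Plain-text report for one contact, one line per offending IP."""
    lines = [f"Abuse report for {contact}"]
    for ip_text in sorted(entries, key=ipaddress.ip_address):
        e = entries[ip_text]
        lines.append(f"  {ip_text}: {e['hits']} report(s), {', '.join(e['categories'])}, "
                     f"sources={', '.join(e['sources'])}, seen {e['first_seen']}..{e['last_seen']}")
    return "\n".join(lines)


def load_all_feeds():
    return parse_csv_feed(FEED_CSV, "feedA") + parse_json_feed(FEED_JSON, "feedB")


if __name__ == "__main__":
    for contact, entries in build_abuse_reports(load_all_feeds(), CONSTITUENCY).items():
        print(render_report(contact, entries))
```

Three repeated reports of the same host from two sources collapse into one line with a hit count and a first/last-seen window, which is what makes the output actionable for the receiving team; indicators outside the organisation's own prefixes land under `unrouted` so that nothing is silently dropped, and malformed feed entries are skipped rather than stopping the run.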
Published 23 August 2012.