Detection and Response about APT&Co.

Discussion in 'Malware Analysis Archive' started by LabZero, Oct 13, 2015.

  1. LabZero

    LabZero Guest

    Hello everyone.

    When we talk about cyber attacks, APT and advanced attacks, quite often there is confusion because, for antivirus manufacturers, the main goal seems to be to neutralize malware, it doesn't matter how advanced.

    But behind such an attack there are humans, not bits.

    Therefore, the goal should be to focus on attackers and NOT malware! It's only a tool that, although neutralized, is quickly replaced by another.

    Because there is a strategy of attack.

    The attitude of many security departments against a compromise continues to be:
    • Alarm on an infected machine.
    • Identifying the infected machine.
    • Attempting to disinfect the machine.
    But ... it is possible that the malware is still on your PC ... waiting for the moment to infect the machine again and simultaneously stealing personal data.

    This is a scenario that may occur.

    Well, in my opinion it's necessary to reflect on the need to focus on the context, not the malware; on the attack strategy and not on the tools used (malware).

    Only in this way does it become possible to understand what is happening and to plan a response.
    Planning that considers the incident analysis, understanding of tactics and action to neutralize the entire attack by preventing data theft.

    In two words: detection and response.
     
  2. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,680
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    The first thing any good admin has to do to react properly to any attack is to set up several honeypots at key areas of the network. Unfortunately, many don't even know what a honeypot is...
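As an added example (not Umbra's or Emsisoft's code), the kind of low-interaction decoy described above: a few TCP ports that nothing legitimate should ever connect to, every connection logged, and a rule that escalates a source touching more than one decoy in a short window. The decoy ports, thresholds and sample events are constructed for illustration.

```python
import socket
import threading
import time
from collections import defaultdict

# Decoy ports nothing legitimate should ever connect to on this host (constructed for the example).
DECOY_PORTS = (2222, 3390, 5901)

def record_touch(conn, addr, port, sink):
    """Log who touched the decoy, then close. No service is emulated and nothing is answered."""
    sink.append({"ts": time.time(), "src": addr[0], "port": port})
    conn.close()

def serve_decoy(port, sink, stop):
    """Accept loop for one decoy port; every accepted connection is an alert-worthy event."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", port))
    srv.listen(5)
    srv.settimeout(0.5)  # wake up regularly to notice the stop flag
    while not stop.is_set():
        try:
            conn, addr = srv.accept()
        except socket.timeout:
            continue
        record_touch(conn, addr, port, sink)
    srv.close()

def hosts_to_investigate(events, min_ports=2, window=300):
    """Return {src: [ports]} for sources that hit >= min_ports distinct decoys within `window` seconds.
    One stray connection may be misconfiguration; several decoys within minutes is someone mapping the network."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)
    flagged = {}
    for src, evs in by_src.items():
        for i, first in enumerate(evs):
            ports = {e["port"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged

if __name__ == "__main__":
    sink, stop = [], threading.Event()
    for p in DECOY_PORTS:
        threading.Thread(target=serve_decoy, args=(p, sink, stop), daemon=True).start()
    input("Decoys listening on %s; press Enter to stop\n" % (DECOY_PORTS,))
    stop.set()
    print("sources to investigate:", hosts_to_investigate(sink))
```

In practice the event sink would be a SIEM or syslog, and the decoy ports would sit next to real servers so that lateral movement, not internet background noise, is what trips them.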
     
  3. cruelsister

    cruelsister Level 32
    Trusted

    Apr 13, 2013
    2,131
    12,420
    NYC
    Something to do with Bees, right?
     
    Umbra, LabZero, upnorth and 1 other person like this.
  4. Umbra

    Umbra From Emsisoft
    Developer

    No :D
     
    LabZero likes this.
  5. jamescv7

    jamescv7 Level 61
    Trusted

    Mar 15, 2011
    12,664
    17,723
    Web and FileMaker Developer
    Philippines
    Windows 10
    Microsoft
    Prevention, that's the number one concept, since you will prohibit any type of attack with as little hassle as possible rather than cure.

    Numerous seminars are gathered all around the world to encourage awareness regarding attacks; honeypots are part of the table of contents normally tackled by speakers, so you can formulate more types of protection against possible multiple attacks.
     
    LabZero likes this.
  6. Umbra

    Umbra From Emsisoft
    Developer

    LabZero likes this.
  7. Umbra

    Umbra From Emsisoft
    Developer

  8. LabZero

    LabZero Guest

    Umbra likes this.