NTT Ltd. Global Threat Intelligence report unveils evasive attacks
NTT Ltd. released its latest Global Threat Intelligence Report for January 2021, which found that global threat landscape has evolved greatly over the past few years.
In the past, organisations primarily implemented security controls to prevent attackers from penetrating their organisation’s applications or network perimeter devices, according to the report.
The approach was based on attackers exploiting vulnerable applications, devices or protocols, and while attackers are still widely using those attack techniques, today’s attackers are also commonly using more evasive attack techniques to bypass perimeter security controls organisations have implemented.
“Giving a tidy bullet list does not necessarily make the process dramatically easier,” said lead analyst, Terrence Lillard, Principal DFIR Consultant, US.
“It is hard for any organisation to suddenly reprioritise their security initiatives in directions they had not anticipated. But, all these security controls can help an organisation become more resilient, better prepared to withstand an evasive attack or at least to manage it.
“Even if your organisation can’t do everything, it is worth considering which of these steps you can take to move your organisation forward to mitigate evasive attack techniques.”
The report found there to be four stages of an effective evasive attack:
In the first stage, Endpoint vulnerability, an attacker identifies a vector to obtain access to an organisation’s endpoint device
In the second stage, Download malicious files, an attacker uses an end-point user system to establish an outbound connection to an external website and download malicious files
In the third stage, Execution of commands, an attacker uses established remote access or convinces the user to execute commands in the file which are native to the operating system, or which do not generate antivirus signature alerts
In the final stage, Lateral or egress movement, an attacker identifies and compromises other devices within the organisation
NTT’s report also revealed that nearly half of responding cybersecurity professionals say they have been distracted from some or all of their day job to help with other tasks such as providing the remote workforce with IT equipment.