Fortinet argues that the safe way to examine suspected APT payloads is to detonate them in high-performance on-board and cloud-based sandboxes as part of a unified security strategy. But how are these potential zero-day exploits identified in the first place?
Fortinet has compiled the following list of the top five initial exploit and exfiltration behaviours most likely to signal a potential APT attack.
1. Random generation of IP addresses. Some APT payloads include code that generates IP addresses at random and attempts to connect to each one, looking for further hosts to infect. A host that suddenly opens connections to large numbers of unrelated addresses is therefore a strong propagation signal.
2. Command and control connection attempts. Once inside the network, an APT may connect to a command-and-control server in order to exfiltrate data or to call in further attack resources, e.g. via a botnet. Detection is based on signatures for known control protocols and on rendezvous detection, i.e. spotting the scheduled, automated connections (beaconing) by which an implant meets its controller.
3. Host mimicry. An APT may begin to mimic the normal behaviour of the device or application it has compromised in an attempt to blend in and evade detection.
4. JavaScript obfuscation. Documented APT cases have used numerous techniques to obscure (obfuscate) the real meaning and intent of malicious JavaScript code, so heavily obfuscated script is itself a signal worth inspecting.
5. Encrypted traffic. The trend toward encrypting malware payloads and their communications means encrypted traffic can no longer be assumed benign; all encrypted traffic is at elevated risk unless it can be inspected.
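The first two behaviours on the list are the easiest to turn into detection logic, because they show up in plain connection records without any need to look inside the payload. The following script is an added example written for this page; it is not Fortinet's code and does not describe how FortiOS implements these checks. It assumes flow records of the form (timestamp in seconds, source IP, destination IP, destination port), uses a constructed sample rather than real traffic, and picks the thresholds (a 60-second window, 20 distinct destinations, six connections, 10% timing jitter) purely for illustration; real deployments tune these against their own baseline.

```python
"""Flag two APT behaviours from connection records (added example, constructed data).

 1. Random-IP fan-out: one host contacting many distinct addresses in a short window,
    as a payload that generates target addresses for propagation would.
 2. Beaconing: near-constant inter-arrival times to the same destination, the
    automated rendezvous by which an implant contacts its command-and-control server.
"""
import random
from collections import defaultdict
from ipaddress import IPv4Address
from statistics import mean, pstdev


def _build_sample_flows():
    """Constructed sample records: (timestamp_s, src_ip, dst_ip, dst_port). Not real traffic."""
    flows = []
    rng = random.Random(20120101)  # fixed seed so the sample is reproducible

    # (1) 10.0.0.5 sprays SMB connection attempts at 30 randomly generated
    #     addresses within about 20 seconds: worm-style propagation.
    targets = set()
    while len(targets) < 30:
        targets.add(str(IPv4Address(rng.getrandbits(32))))
    for i, dst in enumerate(sorted(targets)):
        flows.append((1000.0 + i * 0.6, "10.0.0.5", dst, 445))

    # (2) 10.0.0.9 beacons to one address every ~300 s with a few seconds of jitter.
    #     203.0.113.0/24 is a documentation range (TEST-NET-3), used here as a placeholder.
    t = 2000.0
    for _ in range(8):
        flows.append((t, "10.0.0.9", "203.0.113.7", 443))
        t += 300 + rng.uniform(-5, 5)

    # (3) 10.0.0.12 is an ordinary user: a handful of irregular connections.
    for ts, dst in [(3000, "198.51.100.2"), (3017, "198.51.100.2"), (3140, "198.51.100.8"),
                    (3600, "198.51.100.2"), (4210, "198.51.100.2"), (4215, "198.51.100.5")]:
        flows.append((float(ts), "10.0.0.12", dst, 443))
    return sorted(flows)


SAMPLE_FLOWS = _build_sample_flows()


def detect_fanout(flows, window=60.0, threshold=20):
    """Return {src: max distinct destinations seen within any `window` seconds}
    for sources exceeding `threshold`. Browsing touches a few hosts at a time;
    a payload generating addresses touches dozens in seconds."""
    per_src = defaultdict(list)
    for ts, src, dst, _port in flows:
        per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        worst, start = 0, 0
        for end in range(len(events)):
            # slide the window start forward until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({d for _, d in events[start:end + 1]})
            worst = max(worst, distinct)
        if worst > threshold:
            flagged[src] = worst
    return flagged


def detect_beacons(flows, min_connections=6, max_jitter=0.10):
    """Return {(src, dst, port): {"period", "jitter", "count"}} for connection series
    whose inter-arrival times are nearly constant (coefficient of variation <= max_jitter).
    Human-driven traffic is bursty; scheduled implant check-ins are not."""
    per_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        per_pair[(src, dst, port)].append(ts)
    beacons = {}
    for key, times in per_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        cv = pstdev(gaps) / period
        if cv <= max_jitter:
            beacons[key] = {"period": period, "jitter": cv, "count": len(times)}
    return beacons


if __name__ == "__main__":
    for src, n in detect_fanout(SAMPLE_FLOWS).items():
        print(f"fan-out: {src} reached {n} distinct hosts within 60 s")
    for (src, dst, port), info in detect_beacons(SAMPLE_FLOWS).items():
        print(f"beacon: {src} -> {dst}:{port} every {info['period']:.0f} s "
              f"(jitter {info['jitter']:.1%}, {info['count']} connections)")
```

Running the script flags only the two planted hosts: 10.0.0.5 for reaching 30 distinct addresses in under a minute, and 10.0.0.9 for its 300-second beacon. The ordinary user never crosses either threshold. Both checks have known blind spots that the list above already hints at: a payload that mimics its host (item 3) can randomise its beacon interval or throttle its scanning below the window threshold, which is why these heuristics complement sandbox detonation rather than replace it.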
UK enterprises wary of zero-day IT security attacks are benefiting from the ultimate in advanced threat protection from Fortinet’s new operating system – FortiOS 5.
Released at the end of 2012, FortiOS 5 includes over 150 enhanced capabilities designed to address the current and evolving security challenges of organisations grappling with more mobile devices and applications. Within its arsenal against Advanced Persistent Threats, Fortinet has added on-board and cloud-based sandboxing capabilities for executing unknown malware, complementing its ‘Compact Pattern Recognition Language’ processor, which allows a single signature to cover well over 50,000 different viruses, including zero-day variants.
The post Fortinet news alert around ‘Detecting the five zero-day behaviours to fight APTs’ appeared first on SecurityPark.