Data Center and Hybrid Cloud for Dummies

Issue link: https://insights.oneneck.com/i/1458399

22 Data Center & Hybrid Cloud Security For Dummies, Palo Alto Networks Special Edition. These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

provide network-layer protection. Threat developers exploit various methods to infiltrate networks, including:

» Port hopping, where ports/protocols are randomly shifted over the course of a session
» Use of nonstandard ports, such as running Yahoo! Messenger over Transmission Control Protocol (TCP) port 80 (HyperText Transfer Protocol, or HTTP) instead of the standard TCP port for Yahoo! Messenger (5050)
» Tunneling within commonly used services, such as when sharing files or using messaging applications like Telegram Messenger
» Hiding within Secure Sockets Layer (SSL) encryption (today, its successor Transport Layer Security, or TLS), which masks the application traffic, for example, over TCP port 443 (HyperText Transfer Protocol Secure, or HTTPS)

Legitimate applications are being used by attackers to spread malware. The evasion techniques built into these and many other modern applications are being leveraged to provide threats with "free passage" into enterprise networks. So, it's no surprise that more than 80 percent of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Together with the implicit trust that users place in their applications, all these factors combine to create a "perfect storm."

The motivation for attackers has also shifted, from gaining notoriety to political activism, espionage, and making money. The name of the game today is information theft. Consequently, it's no longer in an attacker's best interests to devise threats that are "noisy" or that are relatively benign. To be successful, a thief must be fast or stealthy, or both.
For those attackers who favor speed over sophistication (speed of initial threat generation, speed of modification, and speed of propagation), the goal is to develop, launch, and quickly spread new threats immediately on the heels of the disclosure of a new vulnerability. The resulting zero-day and near-zero-day exploits then have an increased likelihood of success because reactive countermeasures, such as patching and those tools that rely on threat signatures (such as antivirus software and intrusion prevention), have trouble keeping up, at least during the early phases of a new attack.
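The practical consequence of the evasion techniques listed above (nonstandard ports, port hopping, tunneling, hiding in TLS) is that a control which classifies traffic by destination port alone cannot see what is actually crossing it. The following is an added example, not code from the book or from Palo Alto Networks, of the opposite approach: identify the application from the first bytes of the payload, compare that against what the port implies, and separately flag client/server pairs that spread one conversation over many ports. The flow records, the payload signatures and the `max_ports` threshold are all constructed for illustration; a production App-ID engine uses far richer decoders than these few prefix checks.

```python
"""Port-agnostic application identification (added example, constructed data).

Three detections the evasion list in the text calls for:
  1. classify the application from payload bytes, not the port number;
  2. flag a mismatch between the port's implied app and the observed app
     (e.g. Yahoo! Messenger on TCP/80, SSH on TCP/443);
  3. flag port hopping: one client/server pair using many ports in one window.
"""
from collections import defaultdict

# What a port-based firewall would assume the traffic is (illustrative map).
PORT_TO_EXPECTED_APP = {80: "http", 443: "tls", 22: "ssh", 5050: "ymsg"}

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def classify_payload(payload: bytes) -> str:
    """Identify the application from the first client-to-server bytes."""
    if payload.startswith(b"SSH-"):                      # SSH version banner
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version 0x03 0x0x,
    # then handshake type 0x01 (ClientHello) at byte 5.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith(b"YMSG"):                      # Yahoo! Messenger (YMSG) header
        return "ymsg"
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in payload[:256]:
        return "http"
    return "unknown"


def port_mismatch_findings(flows):
    """Return flows whose observed application disagrees with the port's implied one."""
    findings = []
    for f in flows:
        actual = classify_payload(f["payload"])
        expected = PORT_TO_EXPECTED_APP.get(f["dport"], "unknown")
        if actual != expected:
            findings.append({"flow": f["id"], "dport": f["dport"],
                             "expected": expected, "actual": actual})
    return findings


def port_hopping_findings(flows, max_ports=3):
    """Return client/server pairs that used more than max_ports distinct ports."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f["src"], f["dst"])].add(f["dport"])
    return [{"pair": pair, "ports": sorted(p)}
            for pair, p in ports.items() if len(p) > max_ports]


# Constructed flow records (not captured traffic): first payload bytes per flow.
FLOWS = [
    {"id": 1, "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    # Yahoo! Messenger packet sent to the HTTP port instead of 5050
    {"id": 2, "src": "10.0.0.5", "dst": "203.0.113.20", "dport": 80,
     "payload": b"YMSG\x00\x10\x00\x00\x00\x20\x00\x57" + bytes(8)},
    # A TLS ClientHello on 443: port and app agree, payload is opaque
    {"id": 3, "src": "10.0.0.7", "dst": "203.0.113.30", "dport": 443,
     "payload": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)},
    # SSH tunnel parked on the HTTPS port to blend in
    {"id": 4, "src": "10.0.0.9", "dst": "203.0.113.40", "dport": 443,
     "payload": b"SSH-2.0-OpenSSH_8.9\r\n"},
] + [
    # One client/server pair shifting ports mid-session (port hopping)
    {"id": 5 + i, "src": "10.0.0.11", "dst": "203.0.113.50", "dport": 1025 + i,
     "payload": b"\x00\x01\x02\x03"}
    for i in range(4)
]


def analyze(flows, max_ports=3):
    """Run both detections and return them together."""
    return {"port_mismatch": port_mismatch_findings(flows),
            "port_hopping": port_hopping_findings(flows, max_ports)}


if __name__ == "__main__":
    for kind, items in analyze(FLOWS).items():
        for item in items:
            print(kind, item)
```

On the constructed data this reports flow 2 (expected http, observed ymsg) and flow 4 (expected tls, observed ssh) as port/application mismatches, and the 10.0.0.11 to 203.0.113.50 pair as port hopping across four ports. Flow 3 passes both checks, which is exactly the fourth evasion technique on the list: once an attacker is inside a legitimate TLS session, payload inspection without decryption only tells you that it is TLS.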
