
Data Center and Hybrid Cloud for Dummies

Issue link: https://insights.oneneck.com/i/1458399


CHAPTER 2 Security Challenges in Hybrid Clouds 31
These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Targeted "Low-and-Slow" Attacks and APTs

Targeted attacks and APTs against specific organizations or individuals are another major concern. In this case, attackers often develop customized attack mechanisms to take advantage of the specific equipment, systems, applications, configurations, and even personnel employed in a specific organization or at a given location, and quietly collect sensitive data over extended periods. These "low-and-slow" tactics are designed to avoid detection for as long as possible. Whereas the average time for an organization to identify a breach in 2019 was 206 days according to the Ponemon Institute, a targeted "low-and-slow" attack or APT may go undetected for years (see the "Carbanak: The great bank robbery" sidebar in this chapter).

APTs are a class of threats that often combine advanced malware and botnet components to execute a far more deliberate and potentially devastating attack than other types of attacks. As the name implies, an APT has three defining characteristics:

» Advanced: In addition to advanced malware and botnets, the attackers typically have the skills to develop additional exploitation tools and techniques and may have access to sophisticated electronic surveillance equipment, satellite imagery, and even human intelligence assets.

» Persistent: An APT may persist over a period of many years. The attackers pursue specific objectives and use a low-and-slow approach to avoid detection. The attackers are well organized and typically have access to substantial financial backing to fund their activities, such as a nation-state or organized crime.

» Threat: An APT is a deliberate and focused, rather than opportunistic, threat that can cause real damage.
A botnet is a broad network of malware-infected endpoints (bots) working together and controlled by an attacker through C2 infrastructure. The increasing speed and sophistication of threats emphasize the need for proactive countermeasures with extensive visibility and control at the application layer of the network computing stack.
