
The Evolution of Cyber Threats: Next-Gen Attacks Borrow APT Strategies


Network Security: How Next-Gen Threats Are Taking a Page From APTs

The Evolution of APTs

Advanced persistent threats (APTs) have long been a concern for defenders who deal with complex tactics used by attackers to compromise networks. These attacks often involve the deployment of advanced malware and espionage techniques over an extended period of time, requiring the involvement of multiple individuals within targeted organizations. While APT attacks have traditionally targeted high-profile companies, critical infrastructure, and governments, they are now being used by traditional cybercrime organizations as well.

A good illustration of the convergence of APT-style activities and common cybercrime is the use of wiper malware. Wipers were initially developed and spread by nation-state APT actors, particularly during the Russia-Ukraine war. However, we are now witnessing the scaling and global deployment of wiper malware by cybercriminal organizations. This poses a significant and pervasive threat to all companies, regardless of size.

Broad Cybercrime Attack Playbooks

In addition to the adoption of APT tactics, cybercriminal organizations are also developing more targeted and focused attack playbooks. Traditionally, APT groups were known for their focused playbooks, but now we are seeing this trend within conventional cybercrime as well.

Two notable developments in this space are SideCopy and Donot APT. SideCopy, a well-known APT organization, has been using tactics, techniques, and procedures (TTPs) similar to those of another group called “Transparent Tribe.” They have even adopted techniques from the Indian threat actor group SideWinder to evade detection. Donot APT, on the other hand, has been targeting businesses and individuals in South Asian countries using spear-phishing emails with malicious documents.

Staying Ahead of Evolution

As cybercriminals continue to merge APT tactics with conventional cybercrime, it is crucial for organizations to find ways to prevent and mitigate these advanced threats. Proactive, behavior-based detections driven by real-time threat data remain one of the best preventative measures organizations can take. Additionally, integrated, AI- and ML-driven cybersecurity platforms with superior detection and response capabilities, supported by actionable threat intelligence, are necessary to protect the edges of hybrid networks.

Furthermore, regardless of whether users are on-site or remote, implementing a zero-trust network access (ZTNA) approach is essential for protecting access to applications wherever work or learning takes place.

The Defender’s Response

Given the expanding landscape of cybercriminal organizations and the increasing complexity of threats, security teams must focus on integrating their security technologies and deploying their own tools and tactics. This includes leveraging actionable threat intelligence, using advanced detection and response capabilities, and staying up-to-date with the evolving threat landscape.

Ultimately, safeguarding networks against evolving advanced persistent threats requires a proactive and multifaceted approach. Organizations must invest in robust cybersecurity measures, stay informed about emerging threats, and continually adapt their security strategies to stay ahead of cybercriminals.

About the Author

Derek Manky is the Chief Security Strategist and Global Vice President of Threat Intelligence at FortiGuard Labs. With over 15 years of experience in cybersecurity, Derek formulates security strategy and provides thought leadership to the industry. He is actively involved in global threat intelligence initiatives and works with leading political figures and key policy stakeholders to shape future proactive security strategies.

Source: SecurityWeek
