Fortinet discusses harms of APTs and importance of The Cyber Kill Chain
Taguig City, Philippines – [November 22, 2021] – As the current pandemic continues to drive the growth of digital innovations, organizations worldwide, including small and medium businesses (SMBs), are still trying to explore the ins and outs of their digital transformation, making their businesses more vulnerable to cyberattacks.
In Southeast Asia, only 67 percent of institutions and businesses only have the essential software and application as a form of cybersecurity to combat these attacks, says a recent report released by the International Data Corporation (IDC).
To give further insight and offer solutions to strengthen businesses’ cybersecurity, Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, held a webinar titled Advanced Threat Protection: Security Fabric and the Cyber Kill Chain, to bank executives and other organizations that tackled advanced persistent threats (APTs) in systems and networks, mechanisms of ransomware, and how it can be identified and prevented in their day-to-day operations.
APTs vs. Ransomware: What’s the difference?
Hans Dominic Javier, Channel Systems Engineer of Fortinet Philippines, said that APTs are attacks in the system done secretly over a long period to gain illegal access in a company’s network to gather critical or confidential information using innovative and creative methods. Ransomware, on the other hand, is categorized as malicious software used to extort money from individuals or companies in return for their sensitive data which have been encrypted and are inaccessible.
“APTs and Ransomware could be acquired in many ways. Some of the more known methods of gaining entry or users acquiring such malicious content are through drive-by downloads when you click a link unsuspectingly when you visit a particular website, phishing emails, or even malvertisements,” Javier discussed.
Ransomware often targets SMBs or large enterprises, healthcare, financial services, state and local governments, socially visible employees, and even operational technology that exhibit ease of entry in the network, a possibility of payment, and then payout.
Fortinet Philippines’ Systems Engineering Manager Nap Castillo added, “there were organizations in the Philippines who reported that they were hit by ransomware in 2020. The State of Ransomware in 2021 Report even revealed that organizations in the Philippines spent approximately PHP 40 million to recover from these attacks.”
The Cyber Kill Chain
Javier noted that as cyber attacks rise and significantly evolve, leaving networks and systems defenseless against attackers, a defense framework, called Cyber Kill Chain, was developed to help identify and prevent illegal cyber intrusions.
There are many threats out there coming from all sorts of areas, and combatting the cyber kill chain requires specific skills. If we look at the seven steps of the cyber kill chain—reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions—we can shine the light on the processes and use that as a roadmap to see what kinds of skills we need to develop to thwart each step.
The seven steps of the cyber kill chain can be broken down into three stages of attack. First, attackers will conduct reconnaissance by selecting a company and conducting surveillance such as gathering email addresses and other relevant information. Next is the weaponization of this information, by developing a customized attack such as embedding a specific malware in a document that is disguised legitimate company documents, or directly hosting on a compromised domain to deliver in a payload.
In the second stage, the focus is on delivery methods. Some ways that attacks are transmitted include through email attachments and embedded URLs to compromised websites. Even possibly via USB and other means that would reach the target. Next is exploitation, which is finding weaknesses in the system and performing the attack through application or system vulnerabilities and the installation of malicious applications in the network directly.
Lastly, confidential data are being taken in the command & control stage. This is when intruders gain full control to manipulate the system. During the breach, attackers then carry out actions on objectives such as data exfiltration, when attackers trying to export, edit, delete, or encrypt important files or information.
Figure 1: Machine Learning Applied Across the Cyber Kill Chain
Fortinet’s Solutions across the Cyber Kill Chain
To protect systems and networks across the three stages of the Cyber Kill Chain, Fortinet provides deep comprehensive threat protection services for the different potential points of entry.
From a network perspective, Fortinet provides FortiGate Next-Generation Firewall (NGFW), which protects its users with intrusion prevention, anti-virus, anti-botnet, anti-spam, web filtering, web security, and application control. It delivers industry-leading enterprise security for any edge at any scale with full visibility and threat protection.
Organizations can weave security deep into the Hybrid IT architecture and build Security-Driven Networks to deliver end-to-end security at pace. It also helps in enabling consistent real-time defense with Artificial Intelligence (AI) and Machine Learning-powered FortiGuard Services, achieve seamless user experience with Security Processing Units, improve operational efficiency, and automates workflows.
Meanwhile, FortiClient Enterprise Management, which gives centralized management of various endpoints, allows its users to distribute security features to different endpoints, including laptops and desktops. In addition, FortiEDR, advanced endpoint detection, and response security help users stop real-time threats and can be installed altogether with the existing anti-virus.
Fortinet also delivers a wide array of solutions to help identify APTs and ransomware. It includes FortiSandbox for zero-day attacks, FortiAI with virtual security analyst (VSA) to lessen manual threat checkup and prevention, and FortiInsight or User and Entity Behavior Analytics (UEBA) to flag insider threats.
Meanwhile, FortiAnalyzer with Indicators of Compromise (IOC) also helps identify high-risk devices and users, while FortiDeceptor is used to deceive a threat and determine its origin.
To learn more about Fortinet, visit its website at https://www.fortinet.com/.
