How are APTs striking their targets?
In the first half of 2023 alone, Rapid7 tracked 79 distinct attacks orchestrated by state-backed actors.
Close to a quarter (24%) of the attacks we analyzed made use of exploits against public-facing applications.
Spear phishing with an attachment is also an attack vector of choice for APT groups.
Senior Director of Threat Analytics at Rapid7.
Exploiting vulnerabilities old and new
APT groups are often synonymous with zero-day attacks.
By the midway point of 2023, roughly a third of all widespread vulnerabilities were used in zero-days.
That said, it's a mistake to think that these elite groups are restricted to using elite tools.
An APT even used a vulnerability from 2013 (CVE-2013-3900), ten years old and still successful.
The popularity of these older vulnerabilities underscores a critical oversight in many cybersecurity strategies.
A continuous focus on vulnerability management fundamentals is particularly important here.
Similarly, identity-based security is very important here, especially multi-factor authentication (MFA).
MFA is a critical line of defense, especially against APTs exploiting public-facing applications.
Dodging favored APT tactics
Looking at more advanced security measures, anti-data exfiltration should be a priority.
This is particularly important with espionage being an increasingly common motivation among state-backed APTs.
Vigilance in monitoring unusual access to cloud storage platforms like Google Drive, SharePoint, and ShareFile is also essential.
Rapid7 also noted a rampant abuse of Microsoft OneNote for spreading malware, predominantly through phishing emails.
Blocking .one files at the perimeter or email gateway will help curb this threat.
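One way a mail gateway hook could apply this check, shown as an added example rather than anything from Rapid7 or the article: it flags attachments that are OneNote sections by extension or by the file-type GUID from the published OneNote file format, including renamed files and members of ZIP attachments. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# First 16 bytes of a OneNote section (.one) file: the file-type GUID
# {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3} in its on-disk byte order.
ONE_MAGIC = bytes.fromhex("e4525c7b8cd8a74daeb15378d02996d3")

def is_onenote(name: str, head: bytes) -> bool:
    """Match on the .one extension or on the header, so renamed files count."""
    return name.lower().rstrip(". ").endswith(".one") or head.startswith(ONE_MAGIC)

def find_onenote(raw_email: bytes) -> list[str]:
    """Names of MIME parts, and members of ZIP attachments, that are OneNote files."""
    hits = []
    for part in message_from_bytes(raw_email, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_onenote(name, data):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    head = b""
                    if not info.flag_bits & 0x1:  # encrypted: only the name is visible
                        with zf.open(info) as fh:
                            head = fh.read(16)  # header only, never the whole member
                    if is_onenote(info.filename, head):
                        hits.append(f"{name}!{info.filename}")
    return hits

def sample_email() -> bytes:
    """Constructed message with dummy payloads; no real mail or malware involved."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/Invoice.ONE", ONE_MAGIC + b"\0" * 8)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, data in [("notes.one", ONE_MAGIC), ("scan.pdf", ONE_MAGIC + b"x"),
                       ("readme.txt", b"hello"), ("bundle.zip", buf.getvalue())]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_onenote(sample_email()))
```

A gateway would quarantine or reject any message for which `find_onenote` returns a non-empty list; nested archives and other container formats are outside what this sketch inspects.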
Prioritizing the security of network-edge gear is another key strategy.
Devices such as VPNs, routers, and file transfer appliances should be on a high-urgency patch cycle.
The views expressed here are those of the author and are not necessarily those of TechRadar Pro or Future plc.