Do you notice when things change… slowly?
LAS VEGAS — Two researchers peeled back the curtain on targeted malware today at the Black Hat Briefings, demonstrating examples of attacks that relied on a variety of hacks, ranging from zero-day PDF attacks to memory-based rootkits. In each of the four examples, the attack was specially crafted to beat the target company, and new layers of functionality were added to the malware to either beat detection protections already in place, or frustrate network security forensics investigators.
“Customization of malware is the key,” said one of the presenters, Nick Percoco, senior VP at Trustwave’s SpiderLabs, the Chicago-based forensic company’s security research arm. “Also, slow and steady wins the race for today’s attackers. They’re not in it for quick and dirty hacks. Persistency is the key; they have to get in and maintain the attack,” Percoco said.
Targeted, persistent attacks have been prominent this year, starting with Google’s admission that it, along with more than 30 other technology companies, large enterprises and defense contractors, had been infiltrated by attackers from China using sophisticated attacks to quietly siphon sensitive data. The attacks also introduced APT, or advanced persistent threat, into the security lexicon.
While targeting may be gaining more prominence, the means by which attackers are getting into enterprises aren’t much different than they were 18 months ago. Keyloggers, network sniffers and memory-dumping rootkits are still in vogue; the newness is in the way attackers are covering their tracks in order to maintain a persistent presence inside an organization.