Advanced Persistent Threat – A successive type of attack
An Advanced Persistent Threat is based on very sophisticated (advanced) attack techniques, and the criminal activity continues for a long period of time (persistent). It's a long-term, undetected spy attack. The progressive infiltration of a company on a digital and personal level is associated with a great deal of effort from the cyber criminals. A background check of the victim is carried out initially. The next step involves initial approaches of a more subtle nature. It is therefore not uncommon for the attacker to appear in the form of a potential business partner or employee. If the attacker has a regular opportunity to enter and leave the company, it is only a matter of time before he can implement his tools on individual computers or the entire network in order, for example, to steal sensitive data of a company or even a group in the final phase. Welcome to the Age of Economic Espionage 2.0 by the Advanced Persistent Threat.
Conventional security concepts, such as antivirus, firewalls and so on, are no longer anywhere near sufficient to deal with Advanced Persistent Threats. The same applies to the monitoring of data traffic, for example via intrusion detection. Here too, further protective measures must be taken into account, and they need to be much more complex. In the following, Hornetsecurity will show you 5 concrete steps to protect your company from an Advanced Persistent Threat:
1. Realtime Monitoring
In order to defend yourself from exploits, targeted phishing attacks or special forms of Advanced Persistent Threat, you should perform a comprehensive analysis at all times in your organization. Only in this way will you have the opportunity to recognize suspicious technical processes at an early stage and counteract them in a timely and effective manner.
2. Stay up-to-date
Central databases that collect and analyze cybercrime activities worldwide can help you keep an eye on current threats caused by Advanced Persistent Threats.
3. Data Leak Prevention
An employee tries to open files for which he has no authorization? Recognize and prevent the first irregularities before it is too late and the company's internal data reach the hands of third parties by electronic means.
4. Creating Isolated Company Environments
The magic word for this form of protection is "sandbox". What is meant in principle is a test environment that is disconnected from the main system, so that files which represent a potential risk can be opened in an isolated area without causing major damage. Advanced Persistent Threats can also be contained in this way.
5. Pattern Recognition
It is of particular relevance that you use applications that reliably monitor your network traffic, but at the same time can also limit the network if any abnormalities occur. This applies to unauthorized access, but also to the detection of malicious software, which is usually not used in companies. In this way you, as a business, can already rely on a solid foundation to protect yourself against Advanced Persistent Threats.
A central promise of our Managed Spam Filter Services is to protect our customers from malicious mails. Especially the automatic detection of spam and malicious software has rapidly gained importance in recent months – Locky, Tesla, Petya and co. send their regards! The Content Filter is an additional, customizable protection. Customers can use it to independently control the handling of attachments contained in incoming and outgoing emails. The maximum file size for attachments can thus be set – although the Content Filter's ability to detect certain types of file extensions is much more important. This allows administrators to define specific file extensions, thus preventing the delivery of an email with the relevant attachment.
Specifically, this means: If an IT manager wants to prevent their email users from receiving attachments with the .exe extension, they need only enable the Content Filter (if not already activated) and enter .exe into the open field. As a special service and for ease of use, we have set up several group extensions to provide improved protection in all the default settings: .executable, .mediafile, .xlsmacro and .docmacro. If, for example, ".executable" is specified, the Content Filter automatically blocks 58 extensions of executable files. This group extension is continuously maintained and kept up to date in order to always ensure the highest possible protection. The extension .mediafile, for example, can be used to filter out files with the extensions .wav, .mp3, .mid, .mpg and several others. The two other collective terms are specifically designed to retain macros in Excel and Word files, which often transmit links to blackmailer viruses. The Content Filter can incidentally be configured for the entire domain as well as for specific groups within a domain.
If not already enabled, we thus urgently advise all customers and partners of Hornetsecurity to activate the Content Filter free of charge and add the file extension ".executable" to their list of files to be blocked. They can ramp up their protection another notch by doing so. The screenshot shows how this is done.
Note: This blog post was first published in April 2015 and has now been updated and adapted to the new ransomware threats.
A central feature of Hornetdrive is the smooth, quick exchange of files between users. The company GROHE found an interesting use for the centralized control and distribution of its marketing materials to showrooms and sales representatives.
INITIAL SITUATION
GROHE, a leading German manufacturer of sanitary fittings, equips several showrooms with an iPad as part of a project. In addition to marketing videos and product information, it also provides selling points to guide the staff working in the showrooms. Several sales representatives also own iPads for their professional activities. Marketing materials had traditionally been provided via an enterprise application on the mobile devices. The problem: This software required an Apple license that had to be renewed annually and could only be installed by GROHE itself. The company thus had to collect all the iPads once a year to install a new version of the materials and the app and then send them back to the showrooms. It was thus impossible to make spontaneous changes to the product information. To put an end to this complicated and time-consuming procedure, GROHE looked for an alternative.
SOLUTION
With Hornetdrive, digital content can be distributed within seconds – to computers and mobile devices anywhere in the world with an internet connection. The user first loads all the files to be distributed onto the Hornetdrive cloud, from where they are then automatically synchronized with all access-authorized devices. For people who are not members of the respective drives and therefore do not have permission to access the data, the files are useless because they are encrypted locally before uploading. Multi-rights management can be used to assign users different permissions, facilitating easy control of the content's usage and editing. The German company Hornetsecurity – the provider of Hornetdrive – operates the service exclusively in German data centers and in compliance with the German Data Protection Act.
RESULT
In Hornetdrive, GROHE found a service that allowed the company to distribute its marketing information to the iPads of its showrooms quickly and easily, without the bothersome annual recall of iPads. All showrooms with internet access can now install Hornetdrive, and then GROHE invites them to use the drives in which the content is found. At the same time, they are given a "read only" authorization, so that they cannot change or delete content and GROHE thus keeps control over product videos, data sheets, and so on. The company can also control updating of the materials from a central location – it simply inserts a new file into the drive and the iPads are immediately synchronized and brought up to date. And GROHE was satisfied with Hornetsecurity as a German provider because the data is fully encrypted and this is done in Germany.