Late in March, cybersecurity researchers discovered a new advanced persistent threat (APT) originating in Lebanon that targeted a wide swath of industries in close to a dozen countries.
According to IDG News Service, the APT is currently known as Volatile Cedar, and it has been targeting hundreds of different organizations since 2012. The malicious actors behind this threat have avoided detection for so long by steering clear of typical tactics such as spear phishing and instead exploiting vulnerabilities in Web servers. Once they found a hole, the attackers wormed their way in and spent years capturing login information and other bits of sensitive data from affected organizations.
Volatile Cedar is yet another example of APTs causing havoc, and while this style of threat is now close to a decade old, it remains a common problem for organizations around the world. According to a 2014 report from ISACA, of the 1,500 global IT professionals polled, 92 percent said APTs remain a serious threat and 20 percent said their organizations had been targeted by one. Furthermore, 63 percent of respondents thought that it would be just a matter of time before their organizations were negatively impacted by an APT.
However, while many IT professionals readily admit that APTs are a major problem, a significant number of organizations are not doing enough to effectively mitigate the threat they pose. According to the ISACA report from last year, close to 95 percent of respondents rely on antivirus and/or anti-malware software to stop APTs. But as Volatile Cedar illustrates, hackers often have no problem bypassing such tools and implanting malware onto a system undetected.
Instead of relying on perimeter-based defenses that prevent only known threats, organizations should turn to a managed SIEM solution with continuous monitoring to strengthen their detective defenses. That way, companies can reduce the time and cost of spotting APT activity and take steps to quickly clamp down on the issue.
Cybersecurity news and analysis brought to you by Arctic Wolf, inventors of FireBreak detection and response security services. FireBreak, when your firewall fails.