Iconix Whitepaper – Defending Against Advanced Persistent Threats

Today Iconix released a whitepaper entitled “Defending Against Advanced Persistent Threats.”

As the whitepaper describes, the United States, its allies and its industries are engaged in cyber warfare.  A leaked secret State Department cable describes a cyberwarfare attack:

Since late 2002, USG organizations have been targeted with social-engineering online attacks by BC [Byzantine Condor] actors. … BC actors typically gain initial access with the use of highly targeted socially engineered e-mail messages, which fool recipients into inadvertently compromising their systems [spear-phishing]. The intruders then install malware such as customized keystroke-logging software and command-and-control (C&C) utilities onto the compromised systems and exfiltrate massive amounts of sensitive data from the networks.

This cable describes the multi-faceted attack termed an “Advanced Persistent Threat” or “APT.”  Press reports state that China, using attacks built upon spear-phishing, has stolen terabytes of sensitive data — from usernames and passwords for State Department computers to designs for multi-billion dollar weapons systems.

It is critical that organizations use many layers of defense in the battle against APT.  Operating systems and browsers must be current and patched.  The latest software applications should be deployed, with all patches installed in a timely manner.  State-of-the-art security software should be deployed.  Systems should be monitored.  Staff must be trained.  But part of the solution is to recognize that people do respond to well-crafted spear-phishing emails.

If human factors are part of the threat profile, human factors must also be part of the defensive measures.  A tool is now available that uses human factors to identify trusted email, so that the target of a spear-phishing attack can distinguish real email from fake email.  That tool is SP Guard from Iconix.

SP Guard modifies the email client’s display to provide a visual indicator of the identity of the sender of an email.  The example below is from Outlook, the popular business email client, in which a company called “MyCo” is marking its internal messages as well as those from trusted partners such as its law firm.  Note especially that the last message, though seemingly benign, is a spear-phishing message and is not marked as authentic:

[Screenshot: SP Guard Inbox]

SP Guard provides the email recipient with three easy-to-recognize confirmations that a message is really an internal email or from a trusted counterpart:

  1. List View. There is an integrity indicator in the list view of the email client.
  2. Message. The open message has a further indicator of authenticity.
  3. Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.

SP Guard is available now from Iconix.

Your systems are under attack from clever and determined opponents employing Advanced Persistent Threats.  The opponents’ preferred method of initial incursion into your systems is spear-phishing.  As has been demonstrated in numerous cases, the opponent is persistent: eventually an employee will respond to a carefully crafted email, and that response will initiate a series of events that results in cyber espionage.  The attacks are crafted to avoid technical defenses (small email volumes that stay “under the radar”, zero-day exploits and other techniques for evading APT countermeasures).  The initial point of vulnerability is the person interacting with a compelling email.  Training alone is not an effective defense at that point of vulnerability.  At that point of vulnerability, SP Guard gives the person a defense against the spear-phishing attack.

To learn more, visit us at http://www.iconix.com/business/spearphishing.php.
