Advanced Persistent Threats: A Growing Concern for ASEAN Companies

Are you worried yet about cybersecurity?

You should be.

Ransomware. Data breach. Malware.

These should be reasons enough to be concerned about your security architecture.

Advanced persistent threats should make you worry even more.

An Advanced Persistent Threat (APT) is a sophisticated cyber attack carried out over an extended period of time, primarily to gain unauthorised access to an organisation’s sensitive information, like intellectual property, financial data, or confidential information.

But, unlike other kinds of cyber attacks, APTs are highly targeted, which simply means they are used against specific organisations or individuals. The initial intrusion in this case occurs through social engineering and fileless malware, which cybercriminals use to gain access and exploit vulnerabilities in the victim’s network.

“APTs are highly concerning for organisations because they are often difficult to detect and may go unnoticed for extended periods of time,” noted Jeff Castillo, Senior Regional Director at Infoblox Southeast Asia, in an exclusive interview with Cybersecurity ASEAN. “This can result in significant damage to the targeted organisation, including theft of valuable data, financial losses, and damage to reputation.”

A Problem More Common That You Think

While ransomware dominates headlines, APTs are actually a lot more prevalent than you think. Just consider these statistics:

• 34% of companies globally saw their reputation tarnished due to an APT attack.
• 68% experienced a targeted attack on their network, which directly resulted in data loss.
• 78% suffered downtime because of an APT attack.

Closer to home, Infoblox’s 2023 Global State of Cybersecurity Study found that APTs emerged as the second most prevalent attack method used against Singaporean organisations breached in 2022—surpassing ransomware. This should not come as a surprise, given Singapore’s standing as a key financial and business hub in Asia, which makes it an attractive target for cyber attackers looking to steal sensitive data or disrupt business operations.

Worse still is the presence of organised APT groups, like the so-called GoldenJackal, and state-backed APT organisations, such as those working for China and Russia.

Little wonder the Asia-Pacific region is expected to experience significant growth in the global APT  protection market, with an estimated revenue of over USD $8 million from 2022 to 2030. This growth is mainly attributed to continuous technological advancements in countries like China, Australia and Singapore, coupled with the rising frequency not only of APT attacks but also of cyber attacks in general.

Responding to the APT Challenge

In response, many organisations are investing in robust security measures that include firewalls, antivirus solutions, multi-factor authentication and encryption. In the past year alone, in particular, 67% of Singapore respondents reported their organisation added VPNs or firewalls, according to an Infoblox white paper.

While this response is encouraging, Castillo does not believe it is enough.

“These traditional security measures may not be sufficient against APTs, which often use sophisticated tactics to remain detected and continuously evolve to become more complex,” Castillo pointed out. “For example, this class of malware repacks frequently to defeat signature-based approaches such as antivirus programs. By exploiting the DNS protocol, this class of malware circumvents the protection of legacy IP firewalls, computer monitoring approaches, and web filters.”

And this, according to Castillo, is why it is imperative that organisations consistently evaluate their security posture, update their defences and invest in the necessary resources to stay ahead of APT attacks.

In particular, organisations must review the security capabilities of their existing DNS solution or services provider. The goal, in this case, would be to identify which security use cases can be supported by the solutions already in place. Afterwards, the organisation needs to implement DNS threat prevention and blocking capabilities—and, at the same time, monitor DNS traffic for other anomalies like data exfiltration.

Leveraging Threat Intelligence and Machine Learning in the Fight vs APTs

Ultimately, it is crucial that organisations use the latest technologies in cybersecurity. Two, in particular, that today’s enterprises need to put in the security arsenal are threat intelligence and machine learning. In fact, it is through innovations that solutions such as Infoblox’s BloxOne Threat Defense extend the value of threat intelligence on APTs with DNS-based security.

Protective DNS capabilities, in this case, analyses DNS traffic, identify potential threats in real time and blocks them. This prevents users from connecting to malicious destinations. In addition, DNS detection and response detect anomalous behaviour in the network, along with APT activity, botnet communications, DNS tunnelling and data exfiltration. It even monitors DNS traffic and uses machine algorithms to identify potential indicators of compromise. This then enables proactive threat detection and response that, when combined with the aforementioned capabilities, prevents various threats—including ransomware, phishing and look-alike domain use.

“Our Threat Intelligence Group also specialises in the discovery of threats in DNS data, with deep expertise in DNS and cyber threats, along with statistics, machine learning, intelligence analysis, software reverse engineering, network security and malicious spam detection,” said Castillo about what separates Infoblox’s solutions from the others out in the market. “Visibility into DNS across a wide range of organisations, combined with their skill set, allows them to discover suspicious domains before they are deployed and uncover anomalous behaviour, like low-profile DNS beacons, over time.”

Looking Towards the Future

Castillo anticipates that companies moving forward will keep investing in cloud-based infrastructure.

This means more hybrid- and multi-cloud environments, which would “create additional complexity and expanding attack surfaces,” according to the Infloblox executive.  This complexity and expanded attack surface, in turn, will require enterprises to adopt more comprehensive solutions that can provide security across multiple cloud platforms but under centralised management only to reduce potential complications.

“Organisations will look for solutions that offer a unified view and control over network access, ensuring optimised network performance and enhanced security. This integration will enable streamlined management and quicker response to security incidents,” said Castillo on how companies will protect their cloud environment. “Demand for expanded automation, real-time visibility and control over cloud workloads will also rise. Core services like DNS and DHCP will require unified experiences across multiple cloud platforms, enabling comprehensive visibility and control.”

Between the continuing rise of the cloud and the growing threat of APTs, there is a need to be even more vigilant when it comes to cybersecurity. And, in such cases, the unified approach explained by Castillo will be necessary to enhance an organisation’s ability to detect and remediate cyber threats associated with compromised devices, malicious URLs and servers across the company.

In short, it will be the way moving forward as enterprises look to fight back against potentially damaging APTs.