
System Breached: Is Your Business Protected?

Fortinet discusses harms of APTs and importance of The Cyber Kill Chain 

As the pandemic continues to drive digital innovation, organizations worldwide, including small and medium businesses (SMBs), are still working out the ins and outs of their digital transformation, which leaves their businesses more exposed to cyberattacks. 

In Southeast Asia, only 67 percent of institutions and businesses have even the essential security software and applications in place to combat these attacks, according to a recent report released by the International Data Corporation (IDC).  

To offer further insight and solutions for strengthening businesses’ cybersecurity, Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, held a webinar titled Advanced Threat Protection: Security Fabric and the Cyber Kill Chain for bank executives and other organizations. The session covered advanced persistent threats (APTs) in systems and networks, the mechanics of ransomware, and how both can be identified and prevented in day-to-day operations.  

APTs vs. Ransomware: What’s the difference? 

Hans Dominic Javier, Channel Systems Engineer of Fortinet Philippines, said that APTs are attacks carried out secretly over a long period to gain illegal access to a company’s network and gather critical or confidential information using innovative and creative methods. Ransomware, on the other hand, is categorized as malicious software used to extort money from individuals or companies in return for access to their sensitive data, which has been encrypted and made inaccessible. 

“APTs and Ransomware could be acquired in many ways. Some of the more known methods of gaining entry or users acquiring such malicious content are through drive-by downloads when you click a link unsuspectingly when you visit a particular website, phishing emails, or even malvertisements,” Javier discussed. 

Ransomware often targets SMBs and large enterprises, healthcare, financial services, state and local governments, socially visible employees, and even operational technology: victims that offer easy entry into the network, a likelihood of payment, and a worthwhile payout. 

Fortinet Philippines’ Systems Engineering Manager Nap Castillo added, “there were organizations in the Philippines who reported that they were hit by ransomware in 2020. The State of Ransomware in 2021 Report even revealed that organizations in the Philippines spent approximately PHP 40 million to recover from these attacks.” 

The Cyber Kill Chain  

Javier noted that as cyber attacks rise and significantly evolve, leaving networks and systems defenseless against attackers, a defense framework, called Cyber Kill Chain, was developed to help identify and prevent illegal cyber intrusions.  

Threats come from all sorts of directions, and breaking an attack at each stage of the cyber kill chain requires specific skills. Looking at the seven steps of the cyber kill chain (reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions on objectives) shines a light on the attacker’s process, and the chain can be used as a roadmap for the skills and controls a defender needs in order to thwart each step. 

The seven steps of the cyber kill chain can be grouped into three stages of attack. In the first stage, attackers conduct reconnaissance by selecting a company and gathering information about it, such as employee email addresses and other relevant details. Next comes weaponization, in which this information is used to develop a customized attack, for example by embedding specific malware in a document disguised as a legitimate company document, or by hosting the payload directly on a compromised domain.  

The second stage begins with delivery. Attacks are transmitted through email attachments, embedded URLs pointing to compromised websites, or even USB drives and other means that reach the target. Next is exploitation: the payload abuses a weakness in an application or the operating system to run attacker code. This is followed by installation, where the attacker plants malicious software on the compromised machine so that access survives a reboot or a closed document.  

In the third stage, the installed malware opens a command and control (C2) channel back to the attacker’s infrastructure. This is when intruders gain remote control of the system and can manipulate it at will. Only then do attackers carry out their actions on objectives, such as data exfiltration, where they export confidential files, or edit, delete, or encrypt important files and information.
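The kill chain is a roadmap for defenders only if each step can be matched to something visible in their own telemetry. The following is an added example, not code from Fortinet or from the webinar: a small correlator that runs over constructed log events (a mail-gateway record, two EDR records, and a few proxy records, all invented for this example) and maps each one to a kill-chain stage. Reconnaissance and weaponization happen on the attacker’s side and rarely appear in a defender’s logs, so the rules cover delivery (macro-enabled attachment), exploitation (Office spawning a scripting host), installation (a persistence entry), command and control (small outbound connections to one host at regular intervals) and actions on objectives (a large outbound transfer). The log field names, the thresholds and the rules themselves are assumptions chosen for illustration.

```python
"""Toy kill-chain correlator (added example; log format, rules and thresholds are assumptions)."""
from datetime import datetime
from statistics import mean, pstdev

STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe", "rundll32.exe"}
MACRO_EXT = (".docm", ".xlsm", ".pptm", ".js", ".hta", ".iso", ".lnk")
EXFIL_BYTES = 100 * 1024 * 1024   # assumed threshold for a "large" outbound transfer
BEACON_MAX_BYTES = 10 * 1024      # beacons are small; bulk transfers are excluded from beacon detection
BEACON_MIN_COUNT = 4              # need a few connections before calling it a beacon
BEACON_MAX_CV = 0.1               # coefficient of variation of inter-connection gaps

# Constructed sample events, not real logs: (time, host, source, key=value details).
EVENTS = [
    ("2021-06-01T09:00:01", "ws-17", "mail", "attachment=invoice.docm from=billing@example-supplier.test"),
    ("2021-06-01T09:03:10", "ws-17", "edr", "parent=WINWORD.EXE child=powershell.exe args=-nop,-w,hidden,-enc"),
    ("2021-06-01T09:03:40", "ws-17", "edr", "persistence=run_key value=updater path=C:\\Users\\Public\\u.exe"),
    ("2021-06-01T09:05:00", "ws-17", "proxy", "dst=203.0.113.7:443 bytes_out=512"),
    ("2021-06-01T09:10:00", "ws-17", "proxy", "dst=203.0.113.7:443 bytes_out=498"),
    ("2021-06-01T09:15:00", "ws-17", "proxy", "dst=203.0.113.7:443 bytes_out=530"),
    ("2021-06-01T09:20:00", "ws-17", "proxy", "dst=203.0.113.7:443 bytes_out=505"),
    ("2021-06-01T10:02:00", "ws-17", "proxy", "dst=203.0.113.7:443 bytes_out=734003200"),
    ("2021-06-01T11:00:00", "ws-22", "proxy", "dst=198.51.100.9:443 bytes_out=2048"),
]


def parse(event):
    """Split one event into (datetime, host, source, {field: value})."""
    t, host, source, detail = event
    fields = dict(kv.split("=", 1) for kv in detail.split() if "=" in kv)
    return datetime.fromisoformat(t), host, source, fields


def classify(source, f):
    """Map a single event to a kill-chain stage, or None if it is benign on its own."""
    if source == "mail" and f.get("attachment", "").lower().endswith(MACRO_EXT):
        return "delivery"
    if source == "edr" and f.get("parent") in OFFICE_APPS and f.get("child") in SCRIPT_HOSTS:
        return "exploitation"
    if source == "edr" and "persistence" in f:
        return "installation"
    if source == "proxy" and int(f.get("bytes_out", 0)) >= EXFIL_BYTES:
        return "actions_on_objectives"
    return None


def find_beacons(events):
    """Return the set of (host, dst) whose small outbound connections recur at regular intervals."""
    by_dst = {}
    for t, host, source, f in map(parse, events):
        if source == "proxy" and int(f.get("bytes_out", 0)) <= BEACON_MAX_BYTES:
            by_dst.setdefault((host, f["dst"]), []).append(t)
    beacons = set()
    for key, times in by_dst.items():
        if len(times) < BEACON_MIN_COUNT:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Near-constant gaps (low coefficient of variation) are the signature of a timer-driven beacon.
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= BEACON_MAX_CV:
            beacons.add(key)
    return beacons


def kill_chain_timeline(events):
    """Per host: time-ordered list of (time, stage) observations along the kill chain."""
    timeline = {}
    beacons = find_beacons(events)
    for t, host, source, f in map(parse, events):
        stage = classify(source, f)
        if stage is None and source == "proxy" and (host, f.get("dst")) in beacons:
            stage = "command_and_control"
        if stage:
            timeline.setdefault(host, []).append((t, stage))
    for obs in timeline.values():
        obs.sort()
    return timeline


def furthest_stage(events, host):
    """Deepest kill-chain stage observed for a host, or None if nothing suspicious was seen."""
    stages = [s for _, s in kill_chain_timeline(events).get(host, [])]
    return max(stages, key=STAGES.index) if stages else None


if __name__ == "__main__":
    for host, obs in kill_chain_timeline(EVENTS).items():
        print(host, "->", furthest_stage(EVENTS, host))
        for t, stage in obs:
            print("  ", t.isoformat(), stage)
```

On the sample data, ws-17 progresses from delivery through exploitation and installation to a five-minute beacon and finally a large transfer, so its furthest stage is actions on objectives, while ws-22, with a single small connection, produces no observation at all. The point of grouping by host is that the same proxy line means little on its own but is much more alarming when it follows an Office-spawned PowerShell on the same machine; real detections would use the chain the same way, as the context in which individual alerts are judged.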