How Cyber Attacks Compromise Your Network
Attackers know exactly what they want and how traditional network security fails
Cyber attacks have changed. Broad, scattershot attacks designed for mischief have been replaced with advanced persistent threats focused on acquiring valuable data from an organization. Modern cyber attacks are often conducted across multiple vectors and stages. The have a plan to get in, signal back from the compromised network, and extract valuable data despite network security measures.
Traditional defense-in-depth security measures, such as next-generation firewalls, antivirus (AV), web gateways and even newer sandbox technologies only look for the first move—the inbound attack. Advanced cyber attacks are designed to evade traditional network security.
Cyber Attacks Exploit Network Vulnerabilities
Next-generation cyber attacks target specific individuals and organizations to steal data. They use multiple vectors, including web, email, and malicious files and dynamically adapt to exploit zero-day and other network vulnerabilities.
Advanced cyber attacks succeed because they are carefully planned, methodical and patient. Malware used in such attacks:
- Settles into a system
- Tries to hide
- Searches out network vulnerabilities
- Disables network security measures
- Infects more endpoints and other devices
- Calls back to command-and-control (CnC) servers
- Waits for instructions to start extracting data from the network
By the time most organizations realize they've suffered a data breach, they have actually been under attack for weeks, months, or even years. Most traditional defense-in-depth cyber security measures, such as AV or next-generation firewalls, fail to use signature- and pattern-based techniques to detect threats, and don't monitor malware call backs to CnC servers.
Advanced cyber attacks take many forms, including virus, Trojan, spyware, rootkit, spear phishing, malicious email attachment and drive-by download. To properly protect against these attacks, defenses must monitor the entire life cycle of the attack, from delivery, to call backs and reconnaissance, to data exfiltration.
With Adaptive Defense, FireEye monitors the entire life cycle of advanced attacks to help organizations detect, analyze, and respond to cyber attacks.