- Products
-
ProductsPlatform
- ShadowPlex Advanced Threat Defense
Deception for early detection of cyber threats with precision and speed
- ShadowPlex Identity Protection
Visibility, management and protection of identity stores and attack paths
- Acalvio Active Defense Platform
Comprehensive and Award-winning Distributed Deception Platform
- What is Active Defense?
Active defense detects and diverts attacks.
- Why do I need Acalvio Active Defense?
Active Defense deceives and disrupts attackers.
- ShadowPlex Advanced Threat Defense
-
- Solutions
-
Technology SolutionsIndustry Solutions
- Breach Detection
Active Defense for breach detection and response, both in on-premises and cloud workloads
- Identity Threat Detection & Response
Visibility into Identity attack surface and effective detect & respond solution for identity attacks
- OT / ICS Security
Passive and low-risk agentless solution that is easy to deploy
- Active Directory Protection
Visibility into AD attack surfaces and detection of AD Attacks
- Threat Hunting
Active threat hunting, based on targeted deception, to confirm hunting hypothesis
- Ransomware
AI-Driven Advanced Deception Technology to combat even zero-day Ransomware
- Honeytokens for CrowdStrike
Honeytokens are deceptive credentials and data that are embedded in legitimate assets
- Zero Trust
Zero trust is a security model that assumes that no one inside or outside of the network can be trusted
- Public Sector
Targeted solution for protecting Federal agencies in conformation with NIST and CISA recommendations
- Healthcare
Active defense solutions thwart healthcare attacks before they can inflict real damage.
- Breach Detection
-
- Resources
- Partners
- Company
APTs
What are APTs?
APTs, or Advanced Persistent Threats, refer to highly coordinated cyberattacks conducted by skilled threat actors, often with significant resources at their disposal. These can be state-sponsored groups, advanced criminal organizations, or other entities capable of executing complex and targeted attacks.
Here’s why an APT is said to be advanced and persistent:
- Advanced: The attackers have sophisticated levels of expertise and utilize a range of techniques and tools, some of which may be custom-built. This includes utilizing zero-day vulnerabilities, advanced malware, and other high-level techniques.
- Persistent: Unlike smash-and-grab attacks that are over quickly, APTs often remain in the target’s system for an extended period. This persistence allows them to carry out their objectives over time, such as stealing information or laying the groundwork for future attacks.
What are the stages of an attack by an APT group?
An APT attack can be broadly divided into the following stages:
1. Reconnaissance: Gathering information about the target to understand vulnerabilities, systems, network architecture, and so on.
2. Initial exploitation: Gaining a foothold in the system, often through social engineering, exploiting vulnerabilities, or other means.
3.Establishing presence: Installing malware or other tools that allow ongoing access to the system.
4.Privilege escalation: Gaining higher-level access within the system to move freely and access more valuable resources.
5.Data exfiltration: Stealing valuable information, such as intellectual property, personal data, or financial records.
6.Covering tracks: Erasing or altering logs and other traces to avoid detection.
7.Creating avenues for future attacks: In some cases, APT actors might create backdoors or other means of re-entry for future attacks or other strategic purposes.
Typically, APTs are difficult to detect and defend against because of the level of sophistication and the targeted nature of the attacks. They often require a comprehensive, multi-layered defense strategy, along with constant monitoring and collaboration with other organizations to share threat intelligence.
Apex predators are a subset of APTs in terms of the overall tactics, techniques, and procedures (TTPs) that they follow. Their targets include governments, critical infrastructure, large corporations, financial institutions, and others with high-value information or strategic importance.
Examples of Advanced Persistent Threats
The following are some examples of well-known APTs:
- Storm-0558: Storm-0558 is a Chinese hacking group that has been active since at least 2020. The group is known for its use of spear-phishing attacks and its ability to steal sensitive data. In July 2023, Microsoft reported that Storm-0558 had breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies.
- BlackCat: This is a new ransomware-as-a-service (RaaS) that is quickly gaining popularity. It is known for its destructive capabilities and its ability to evade detection.
- Conti: This is a long-standing APT that has been active since 2017. It is known for its use of spear-phishing attacks and its ability to steal sensitive data.
- Lazarus Group: This is a North Korean APT that is known for its attacks on financial institutions and government organizations.
- MuddyWater: This is an Iranian APT that is known for its attacks on energy companies and other critical infrastructure.
- Sofacy Group: This is a Russian APT that is known for its use of zero-day exploits and its ability to target government and military organizations.
How can Acalvio protect against attacks by APTs?
The Acalvio ShadowPlex platform provides advanced features for proactively managing the attack surface, detecting and responding to incidents, and hunting down threats in the network. Active Defense based on Acalvio’s patented deception technology features enables Security teams to proactively manage the attack surface in the network, and deploy deceptions that fool attackers into announcing their presence while deflecting them away from real assets. Seamless integrations between Acalvio and the other security solutions that are deployed in the organization ensures that response actions and notifications are automatically initiated.