Advanced Evasion Techniques & Advanced Persistent Threats

January 27, 2014

Advanced targeted attacks (ATAs), sometimes called advanced persistent threats (APTs), have gained the attention of security staff as a real threat and one that requires a new response mechanism. An APT is a network attack in which a hacker infiltrates your network undetected in order to steal data.

An APT attacker often uses some type of social engineering, such as spear phishing, to gain initial access to the network through legitimate means. While regular email phishing is not typically sophisticated, spear phishing can appear to come from a friend, family member, co-worker or business partner, establishing trust with the recipient. The cleverly crafted spear phishing emails usually contain links to websites that are infected with malware. Since the recipient trusts the sender, they trust the link, and the result is a user unknowingly downloading malware onto one of your networked devices.

Once initial access has been achieved, the attacker establishes a back door for ongoing network access. The malware will hunt for valid user credentials and move laterally across the network, installing more back doors. An APT may be in place for weeks or months, undetected by network administrators, silently siphoning sensitive data out of the organization.

Advanced evasion techniques (AETs) are used by well-resourced, motivated attackers as part of an APT. An AET is not an attack by itself, and the bits of code it carries are not necessarily malicious; the danger is that it gives the attacker undetectable access to the network. AETs combine known evasions, such as encrypted packets, and deliver them simultaneously across multiple protocols. They are a means of disguise, allowing an intruder to bypass security detection during a network-based attack. More than 800 million combinations and modifications of AETs have been identified to date, and they are capable of changing dynamically even during an attack. Once inside, the pieces reassemble to unleash malware and continue the APT attack.

The McAfee Security Connected architecture is designed to deliver protection against today's most sophisticated, evasive threats. Our McAfee Next Generation Firewall is the only solution that can detect AETs by normalizing traffic for inspection on all protocol layers, and stop AETs before they infiltrate your network. McAfee Advanced Threat Defense combines low-touch antivirus signatures, reputation, and real-time emulation defenses with in-depth static code analysis and dynamic malware analysis (sandboxing) to analyze the actual behavior of malware. Our comprehensive threat protection rounds out our broad portfolio to protect even customers with the most stringent security requirements.
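As an added illustration of why inspection has to normalize traffic across protocol layers rather than look at packets one at a time (this is example code written for this post, not McAfee's code and not from the original article): the constructed Python below splits a detection signature across two out-of-order TCP segments, a naive per-segment matcher misses it, and the same matcher run over the reassembled stream catches it. The signature string, the segment layout and the first-received-wins overlap policy are all assumptions chosen for the demonstration.

```python
from dataclasses import dataclass

# Constructed sample signature that a packet-level inspector looks for
SIGNATURE = b"EVIL_PAYLOAD"

@dataclass
class Segment:
    seq: int      # TCP sequence number of the first byte in data
    data: bytes

def per_packet_inspect(segments, signature=SIGNATURE):
    """Naive inspector: matches the signature against each segment in isolation."""
    return any(signature in seg.data for seg in segments)

def normalize_stream(segments, isn=None):
    """Reassemble segments into the contiguous byte stream the receiving host
    would see. Segments may arrive out of order; overlapping bytes keep the
    first value received (one of several overlap policies real stacks use)."""
    if not segments:
        return b""
    if isn is None:
        isn = min(seg.seq for seg in segments)   # assume lowest seq starts the stream
    offsets = {}
    for seg in segments:                          # iterate in arrival order
        for i, byte in enumerate(seg.data):
            offsets.setdefault(seg.seq - isn + i, byte)
    out = bytearray()
    for off in range(max(offsets) + 1):          # stop at the first gap
        if off not in offsets:
            break
        out.append(offsets[off])
    return bytes(out)

def stream_inspect(segments, signature=SIGNATURE):
    """Normalizing inspector: matches against the reassembled stream."""
    return signature in normalize_stream(segments)

# Constructed evasive flow: signature split across two segments delivered out of order
EVASIVE_SEGMENTS = [
    Segment(seq=1012, data=b"PAYLOAD\r\n"),
    Segment(seq=1000, data=b"GET /q=EVIL_"),
]
# Constructed benign flow for comparison
BENIGN_SEGMENTS = [Segment(seq=1000, data=b"GET /index.html\r\n")]

if __name__ == "__main__":
    for name, flow in (("evasive", EVASIVE_SEGMENTS), ("benign", BENIGN_SEGMENTS)):
        print(name, "per-packet:", per_packet_inspect(flow),
              "normalized:", stream_inspect(flow))
```

The overlap policy matters in practice: an inspector that resolves overlaps differently from the destination host reconstructs a different stream than the one the host executes, which is the gap evasion techniques rely on.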