Should Businesses Be Concerned About Nation-State Threats?

  • With malware increasingly adopting the “as-a-service” business model, Advanced Persistent Threat (APT) groups that have traditionally been state-sponsored may see tremendous value in using that business model as well.

  • Organizations of all sizes and verticals should consider evaluating and updating their threat models to include APTs, or risk falling victim to data breaches and industrial espionage.

After testing several leading vendors, independent testing organization AV-Comparatives on December 8 released its Enhanced Real-World (Advanced Threat Protection) Test for Enterprise products, recognizing Bitdefender as the only cybersecurity vendor to prevent all advanced threats from gaining a foothold in an organization. Bitdefender was also the top vendor in this test for identifying an attack at the pre-execution stage, which is highly significant because early attack detection minimizes the risk a threat poses to an organization.

For the second year in a row, Bitdefender antivirus, a critical layer for threat prevention, is the only vendor to achieve a perfect score, towering once more over competing security vendors in protecting against sophisticated malware and advanced persistent threats.

Bitdefender uniquely detects advanced attacks during the early phases, with zero false positives, by relying on over 30 patented technologies ranging from machine-learning-based attack detection to fileless attack defense and network attack defense. These proprietary technologies let enterprises significantly reduce any potential impact an attack might have on their infrastructure.

Bitdefender has placed first in 55 percent of all real-world protection, malware protection and performance tests conducted between 2018 and 2020 by AV-Comparatives, significantly ahead of the next competitor.

With test cases covering Tactics, Techniques and Procedures (TTPs) listed in the MITRE ATT&CK framework, Bitdefender GravityZone successfully protected systems against common APT tactics and tools that mimic real-world sophisticated threats. This further speaks to Bitdefender’s ability to help protect across the full range of threats, including APTs.

What are APTs and Why Does This Test Matter?

The term “APT” is often used to describe targeted cyber-attacks using a powerful and complex set of tools aimed at penetrating public or private infrastructures to spy, exfiltrate data, or even sabotage systems. While traditionally associated with state-sponsored actors, the commoditization of highly specialized tools, obfuscation services, and fileless malware seems to have caused the emergence of APT mercenaries, or APT hackers for hire, which drastically changes the threat models for companies.

Whether for politics, finances, or ideology, APTs target organizations of all sizes and all verticals using Advanced Tactics and Techniques (ATTs). For instance, one of the most popular sub-techniques, PowerShell (T1059.001) under the Command and Scripting Interpreter technique (T1059), involves the use of PowerShell commands and scripts; it accounts for 52.52 percent of all reported sub-techniques, according to Bitdefender business telemetry.

With 63 percent of CIOs and CISOs agreeing that APT attacks are a threat to their organization, and 37 percent saying they have seen an increase in APT/cyberespionage attacks, security decision makers clearly lose sleep over the prospect of having their infrastructure compromised because of these sophisticated attacks.

It is not a matter of “IF” your organization will face an APT-style attack, but a matter of “WHEN”, which is why businesses should be concerned. As we have witnessed recently from a highly publicized breach, no business or industry is immune. Even security providers themselves are at risk.

However, tests like the “Enhanced Real-World Test” from AV-Comparatives can help organizations understand which security solutions are the most efficacious at protecting systems against these types of attacks, during everyday use. While MITRE tests are mostly focused on offering visibility into the attack chain using “log only” mode to map sophisticated attacks and provide that intelligence to security teams, the “Enhanced Real-World Test” from AV-Comparatives focuses on actually blocking APT attacks, regardless of the stage of the execution at which they’ve been detected.

The ATP Enterprise testing performed by AV-Comparatives augments MITRE’s framework by providing an independent and objective comparative analysis of the effectiveness of security vendors in protecting against APTs. “We also note that ATT&CK Test does not provide a final scoring or ranking system; rather, it provides raw data for analysis,” reads the report from AV-Comparatives.

Security without Compromise

Ransomware attacks, data breaches and cases of insider threats and cyberespionage continue to make headlines. Although good prevention technologies address 99 percent of threats before they can compromise an organization, the remaining one percent keeps CISOs up at night. So should the average business be concerned, or are state-sponsored APT attacks merely a means to spread fear, uncertainty and doubt?

Whatever you decide, having a best-of-breed security solution that protects your organization’s systems during everyday use, even against that last one percent of threats, is always best security practice. Cyber resilience and a strong security posture also require more than deploying strong prevention technologies and the means to block fileless attacks; they call for turning to MDR solutions as well. The two complement each other, and neither is complete without the other: together they offer the best of both worlds in terms of security, namely protection against advanced threats and the expertise to continuously detect, respond to, and prevent sophisticated attacks.