Understanding Multistaged Threats
Hackers have been building and launching multistaged threats for years as they attempt to seek out the most readily available weak points in existing IT defenses and use privilege escalation techniques to gain access to organizations’ most closely guarded systems and information.
In recent years in particular, as organizations have tightened their perimeters and major software vendors have worked to improve the security of their products, attackers have moved to launch “slow and low” threats including so-called Trojans, downloaders and botnets that bring new levels of technical sophistication to this process -- making it even harder for organizations to block every potential pathway that cyber-criminals may utilize to find their way to your most valuable assets.
Broader is Better
For starters, most hackers are no longer satisfied to target merely one area of your infrastructure during the initial stages of their attacks, and then simply give up if that technique fails to bear fruit. Attackers are building targeted, multi-pronged threats that simultaneously work to exploit everything from web application vulnerabilities to email users who might swallow the bait and fall for social engineering ploys.
Some of these attacks are designed to assail a wide number of potential vulnerabilities that have been discovered in particular applications or systems until they find a way in, while others pull together multiple threat vectors to slowly deliver their payload over time. Either way, security researchers agree that cyber-criminals are spending more time than ever before studying organizations’ infrastructure before they launch their attacks, and building their threats to pursue an increasing range of potential targets.
The Inside Pivot
Once an attacker has found any method by which they can circumvent your organization’s defenses, the fight has truly begun. Even though the initial application or system that has been successfully exploited may not serve a critical function, or have a direct connection to sensitive data, many attacks are designed to branch out and try to find a way further upstream.
A growing proportion of today’s most widespread attacks, including Trojans, downloaders and botnets, have been purpose-built to operate quietly to evade detection once inside your network, and sit in the background waiting for the right opportunity to deliver their subsequent payloads. Some malware programs have onboard capabilities designed to escalate their effects over time and move from one vulnerable system to another, and others reach back outside your network to pull in additional attacks -- in many cases expanding their scope based on knowledge gained directly from assessing your infrastructure on the inside.
The larger effect is that more attacks than ever before are being manufactured with the specific intent of finding a relatively minor crack in your organization’s defenses and using that vulnerability to establish a beachhead from which they can further pursue your critical resources.
How CORE IMPACT Addresses Multistaged Threats
The CORE IMPACT family of software solutions directly addresses the problem of multistaged threats in a manner that no other technology can provide.
In addition to finding vulnerabilities and testing the potential for an attack to navigate its way into your environment, CORE IMPACT Pro is the only product to simulate multistaged attacks by integrating network security testing with endpoint, web application and email user testing. It also offers the industry’s only exploit replication that actively mimics hackers’ threat escalation techniques and can pivot from one available system to the next.
During its Privilege Escalation step, CORE IMPACT attempts to penetrate deeper into a compromised system by running local exploits in an attempt to obtain administrative privileges. After Privilege Escalation, you can target your test directly at one of the newly compromised systems and establish a beachhead from which to run attacks deeper into the network.
The product can also tell you if successful attacks can communicate back to controllers on the outside, and you can use information harvested from compromised employee databases to launch convincing internal spear phishing tests.
By simulating multistaged threats in their many complex iterations, CORE IMPACT Pro truly arms your organization with the power to identify your most significant vulnerabilities and assess their severity -- just as a real attacker would.

