When asked to describe the current cyber threat landscape, one of the more balanced and objective answers might be that threats are "hiding in plain sight." Today's advanced cyber threats use applications as their infiltration vector, exhibit application-like evasion tactics, and act as, or use common network applications for communications and exfiltration.
One needs to look no further than the recent high profile attacks to support this description. Today's attacks are hiding in plain sight and use applications such as FTP, RDP, SSL, and netbios to achieve their objectives.
These applications were found on nearly every network we analyzed and it's evident they have now become a favorite vehicle through which attackers can mask their activities.
This white paper provides an overview of:
- The relationship between threats and their application vectors;
- The Heartbleed ramifications;
- Recommendations for eliminating potential hiding places for cyber threats.