Go to Content

Blog

José Ramos
Cybersecurity Analyst at .PT
12-05-2022
Cybersecurity should not be taken lightly
There is a doctrinal challenge that must be discussed in all its aspects and spaces: the implementation of technologies and procedures related to cybersecurity takes time and requires a lot of effort. We must be aware that the trend is clear as regards the increase in threats in the coming years. This scenario is only possible thanks to the constant advancement of technologies, growing digitalisation and the increase in the number of networked devices. The security perimeter is constantly growing and this can have consequences for all types of organisations in general, and each of us in particular. 

It may not seem like it, but more than technical skills and technological tools, motivation is the main characteristic that will make the difference in the success of a cyberattack. For example, there are countries motivated to attack Portugal because it is a country apparently more vulnerable than other NATO members. It is an old technique that consists of observing the perimeter of the target to be attacked to identify more vulnerable partners. In November 2018, Portugal suffered a cyberattack on its defence systems, apparently coming from Russia. Supposedly, this attack allowed the attacker to enter the national defence computer systems and subsequently perform a data exfiltration. 

Among the most commonly used techniques are phishing, APT (Advanced Persistent Threat), and the Cyber Kill Chain, a very common methodology in cyber attacks.Phishing consists in tricking users to obtain confidential information. In turn, the Cyber Kill Chain methodology can describe the stages of a system intrusion, map attack indicators, identify patterns in intrusions and understand the nature of information gathering. With the advancement of technology, new threats have emerged with the aim of taking advantage of economic, political or military advantages. This new class of threats has been called an Advanced Persistent Threat (APT). An APT is considered an advanced threat because it is targeted, coordinated and objective; persistent because it can be repeated and replicated over time; and it is a threat because it originates from people with the intent, skills and opportunities to do so. Most organisations focus risk analysis and mitigation on automated malware detection, not on the approach of stopping an attack using an APT. The risk response to an APT fails by attempting to mitigate this threat as if it were a conventional incident.

From an offensive security perspective, understanding the methodology of APTs will help identify or mitigate threats at any stage of the attack. The earlier the threat detection and mitigation is done, the less successful the attack will be and the loss to the organisation. Defence against an APT will need to address and understand each stage of an attack, avoiding it if possible. If not, all information about subsequent steps should be gathered and analysed to avoid them if possible.

Attackers have become more efficient and data has gained increasing interest and value. We are all eligible for a cyberattack, so we should consider cybersecurity in our personal and professional lives.



Please note: the articles on this blog may not convey the opinion of .PT, but of its author.
Back to Posts