Kaspersky Lab has enhanced its APT Intelligence Reports with contextual information on advanced persistent threat (APT) actors and has mapped previously discovered attacks to the MITRE ATT&CK knowledge base of adversary tactics and techniques.
These improvements help security operations teams subscribed to the APT Intelligence Reporting service better understand adversaries’ goals, techniques and capabilities.
This lets them tie an incident to a known threat actor and so better understand the motivation behind a specific attack. It also helps teams anticipate the attacker's likely next steps, so they can protect themselves against future incidents.
Cybercriminals are constantly improving their sophisticated hacking techniques to compromise organisations.
According to Kaspersky Lab’s 2018 IT Security Risk Survey, enterprises identified targeted attacks as the most expensive type of cybersecurity incident, with an average cost of US$1.11m.
Combating APTs requires not only cutting-edge security solutions but also access to comprehensive and constantly updated threat intelligence. To help security operations teams stay ahead of the latest targeted attacks, Kaspersky Lab has updated its APT Intelligence Reporting service to provide more contextual information on APT actors, their campaigns and their tactics, techniques and procedures.
The APT reports from Kaspersky Lab now provide an overview of each APT group, including country of origin, aliases, a list of previous targets and victims, the group's typical tools and descriptions of past campaigns. The reports also include links to additional resources, specific Indicators of Compromise (IoCs) and YARA rules, so that organisations can detect these attacks in their own environments.
Previously discovered APT campaigns are mapped to MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Experts break each attack down into several phases in accordance with the PRE-ATT&CK and ATT&CK Enterprise matrices, showing which tactics and techniques were leveraged at every stage.
The ATT&CK mapping complements Kaspersky Lab’s own descriptive methodology, which divides a targeted attack into infection vector, implant and infrastructure phases to give a high-level understanding of the threat context suitable for C-level executives.
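What a SOC does with such a report is match its IoCs against local telemetry, tag each hit with the actor and the ATT&CK technique it evidences, and lay the hits out along the tactic sequence to see which phases have been observed and which are likely next. The following is an added example of that workflow, not Kaspersky Lab's code or report format: the actor profile, indicator values, hostnames and log lines are all constructed for illustration (the technique IDs are real ATT&CK IDs, but their attribution to the hypothetical actor is invented). The tactic order is that of the current ATT&CK Enterprise matrix, into which the PRE-ATT&CK tactics were later folded as Reconnaissance and Resource Development.

```python
"""Operationalising an APT report: match its IoCs against logs, attribute hits
to the actor, and lay them out on the ATT&CK Enterprise tactic sequence.
Added example; every indicator, host and log line below is constructed."""
import re
from collections import OrderedDict

# ATT&CK Enterprise tactics in matrix (left-to-right) order.
TACTIC_ORDER = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]

# Constructed stand-in for one report's actor profile (hypothetical actor;
# technique IDs are real ATT&CK IDs, the attribution is made up).
ACTOR_PROFILE = {
    "name": "Hypothetical APT",
    "techniques": {
        "T1566.001": "Initial Access",       # Spearphishing Attachment
        "T1204.002": "Execution",            # Malicious File
        "T1547.001": "Persistence",          # Registry Run Keys
        "T1083": "Discovery",                # File and Directory Discovery
        "T1071.001": "Command and Control",  # Web Protocols
        "T1041": "Exfiltration",             # Exfiltration Over C2 Channel
    },
}

# Constructed IoCs, each tagged with the technique it evidences.
IOCS = [
    {"type": "domain", "value": "update-cdn.example.invalid", "technique": "T1071.001"},
    {"type": "sha256", "value": "0123456789abcdef" * 4, "technique": "T1204.002"},
    {"type": "regkey", "value": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "technique": "T1547.001"},
]

# Constructed log lines: proxy, EDR and DNS events from one workstation.
# The last line is a near-miss that naive substring matching would flag.
SAMPLE_LOGS = [
    "2019-03-12T09:14:02Z proxy src=10.0.5.23 dst=update-cdn.example.invalid method=GET uri=/news.php",
    "2019-03-12T09:14:05Z edr host=WS-0412 event=file_create sha256=" + "0123456789abcdef" * 4
    + r" path=C:\Users\j.doe\AppData\Roaming\svchost.exe",
    "2019-03-12T09:15:10Z dns host=WS-0412 query=mail.corp.example.invalid",
    "2019-03-12T09:16:44Z edr host=WS-0412 event=registry_set key="
    + r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater value=C:\Users\j.doe\AppData\Roaming\svchost.exe",
    "2019-03-12T09:20:01Z proxy src=10.0.5.23 dst=notupdate-cdn.example.invalid.attacker.test method=GET uri=/",
]


def _pattern(ioc):
    # Anchor on token boundaries so "evil.example" does not fire inside
    # "notevil.example.other"; values are compared case-insensitively.
    return re.compile(r"(?<![\w.-])" + re.escape(ioc["value"]) + r"(?![\w.-])", re.IGNORECASE)


def scan(lines, iocs=IOCS, profile=ACTOR_PROFILE):
    """Return one hit per (line, IoC) match, enriched with actor and ATT&CK context."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for ioc in iocs:
            if _pattern(ioc).search(line):
                tech = ioc["technique"]
                hits.append({"line": lineno, "ioc": ioc["value"], "technique": tech,
                             "tactic": profile["techniques"][tech], "actor": profile["name"]})
    return hits


def phase_breakdown(hits):
    """Group observed techniques by tactic, in matrix order: the per-phase view."""
    by_tactic = OrderedDict((t, []) for t in TACTIC_ORDER)
    for h in hits:
        if h["technique"] not in by_tactic[h["tactic"]]:
            by_tactic[h["tactic"]].append(h["technique"])
    return OrderedDict((t, v) for t, v in by_tactic.items() if v)


def coverage_gaps(hits, profile=ACTOR_PROFILE):
    """Tactics this actor is known to use but which were not observed.
    Those earlier than the latest observed tactic are probable missed detections;
    those later are the next steps to watch for."""
    observed = {h["tactic"] for h in hits}
    known = [t for t in TACTIC_ORDER if t in set(profile["techniques"].values())]
    last = max((TACTIC_ORDER.index(t) for t in observed), default=-1)
    missed = [t for t in known if t not in observed and TACTIC_ORDER.index(t) < last]
    upcoming = [t for t in known if t not in observed and TACTIC_ORDER.index(t) > last]
    return {"missed": missed, "next": upcoming}


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for h in found:
        print(f"line {h['line']}: {h['ioc']} -> {h['technique']} ({h['tactic']}), actor {h['actor']}")
    print(dict(phase_breakdown(found)))
    print(coverage_gaps(found))
```

On the constructed logs the scan attributes three events (C2 beacon, dropped file, Run-key persistence) to the actor, ignores the look-alike domain on the last line, and reports Initial Access and Discovery as unobserved earlier phases worth hunting for and Exfiltration as the phase to expect next. Real report IoCs come in richer forms (STIX bundles, YARA rules), but the enrichment and phase layout work the same way.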
Sergey Martsynkyan, Head of B2B Product Marketing at Kaspersky Lab, said: “Fragmented data about advanced cyberattacks makes detecting them difficult for security operation teams. To change this, we collect, analyse and provide the most comprehensive and relevant information on APT campaigns.
“With the help of the MITRE ATT&CK framework, we can now show additional angles and context for these operations. All this helps organisations detect and predict future threats in the most efficient way.”