How to mitigate advanced persistent threats (APT) like Volt Typhoon
Advanced persistent threats (APT) infiltrate systems to gather valuable data over time. Here’s how to protect your org from APT groups like Volt Typhoon.
Oct 8, 2024 • 4 Minute Read
Mitigating conventional cyber threats is already hard enough. Protecting against advanced persistent threats (APT) can make security even more of a challenge.
The silver lining? You don’t need to change your security stance. In most cases, you can build on your existing security strategies for more comprehensive protection. Here’s how to mitigate APTs in your org.
Want all of the insights? Learn the preventative measures you can take to protect your org from Volt Typhoon and other APTs.
What are advanced persistent threats?
Like the name suggests, advanced persistent threats aren’t your run-of-the-mill cyber attacks. These complex attacks require careful planning and are designed for threat actors to gain access to a system and remain undetected for prolonged periods of time.
The goal of these attacks varies, but they typically aim to obtain information and use it for financial gain. As a result, large tech organizations, financial institutions, and government agencies tend to be particularly at risk for APT attacks.
Volt Typhoon: One advanced persistent threat example
One example of an advanced persistent threat group is Volt Typhoon. Volt Typhoon, also known as Insidious Taurus or Bronze Silhouette, is a China-based threat actor group. By exploiting vulnerabilities in public-facing edge devices (think routers and firewalls), they gain access to organizations’ IT networks and obtain credentials. They’ve gone undetected for years because of their use of LOLBins, living-off-the-land binaries: the legitimate local binaries already present on a system, which attract far less scrutiny than custom malware.
How to prepare and protect your organization from advanced persistent threats
The best way to protect your organization from advanced persistent threats is with advanced persistent training. That starts with raising awareness about APTs, learning their warning signs, and knowing how to identify suspicious activity in your systems.
Build fundamental security skills
Defending your organization from APTs starts with a strong security foundation. All IT professionals should earn security certifications. Non-technical employees should have basic security knowledge and understand their role in preventing phishing, social engineering, and other cyber threats.
But you don’t want a cyber attack to be the first time your security professionals face a threat head-on. Provide hands-on labs and sandboxes for pros to gain experience identifying and protecting against simulated attacks.
Know the signs of advanced persistent threats
Advanced persistent threats are designed to lie low so threat actors can gather sensitive information over time. Because of this, APTs can be hard to detect. In fact, the average dwell time for advanced persistent threats is 180 days. Threat actors are spending six months in networks through the use of LOLBins!
Because LOLBins are legitimate local binaries, they rarely raise an alert on their own, but if you know what to look for, you can detect their misuse. Knowing the potential APT warning signs is key to spotting them faster:
Unexpected data operations (such as large data transfers)
Unusual access or permission changes
Increased spear phishing and Trojan horse attacks
Use of administrative tools at the command line
Monitor command line activity
Once threat actors like Volt Typhoon gain initial access to your network, they attempt to gather and transfer data using the command line.
That’s why it’s so important to log and monitor command line activity. Create filters and alerts for suspicious command line activity, such as unauthorized scripts, or admin tools being accessed or run at unusual times of day.
Implement application whitelisting
Application whitelisting refers to creating a list of trusted applications and scripts. Only those you approve are allowed to run in your systems, preventing unauthorized or harmful activity.
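The two practices above, monitoring command line activity and application whitelisting, can be combined in one detection pass over process-creation logs. The Python script below is an added example and is not code from the original article or from any vendor: it parses constructed log lines and flags admin tools run by non-admin accounts or outside business hours, scripts that are not on an approved list, and executables missing from an application allowlist. The log format, the tool names, the account names, the business hours and the script paths are all assumptions chosen for illustration.

```python
"""Flag suspicious command-line activity in process-creation logs.

Added example: the log format, tool lists, accounts and paths below are
constructed assumptions, not telemetry or rules from any product or vendor.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, time

# Assumed business hours; admin-tool use outside this window is flagged.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)

# Illustrative built-in administrative tools (LOLBins when misused). Build the
# real list from your own environment.
ADMIN_TOOLS = {"powershell.exe", "cmd.exe", "net.exe", "netsh.exe", "wmic.exe", "reg.exe"}

# Accounts expected to use admin tools, and the subset whose scheduled jobs
# legitimately run at night (assumed names).
ADMIN_ACCOUNTS = {"itadmin", "svc_backup"}
SCHEDULED_ACCOUNTS = {"svc_backup"}

# Application allowlist (application whitelisting): images approved to run.
ALLOWED_IMAGES = ADMIN_TOOLS | {"explorer.exe", "outlook.exe", "svchost.exe"}

# Scripts approved to run, compared case-insensitively (Windows paths).
APPROVED_SCRIPTS = {r"c:\scripts\nightly-backup.ps1", r"c:\scripts\inventory.ps1"}
SCRIPT_EXTENSIONS = (".ps1", ".bat", ".cmd", ".vbs", ".js")


@dataclass(frozen=True)
class ProcessEvent:
    when: datetime
    user: str
    host: str
    image: str          # executable file name, e.g. powershell.exe
    command_line: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed log line: ISO-timestamp|user|host|image|command line."""
    when, user, host, image, cmd = line.split("|", 4)
    return ProcessEvent(datetime.fromisoformat(when), user, host, image.lower(), cmd)


def script_paths(command_line: str) -> list[str]:
    """Return command-line tokens that look like script files."""
    tokens = command_line.replace('"', "").split()
    return [t for t in tokens if t.lower().endswith(SCRIPT_EXTENSIONS)]


def outside_business_hours(when: datetime) -> bool:
    return not (BUSINESS_START <= when.time() < BUSINESS_END)


def evaluate(event: ProcessEvent) -> list[str]:
    """Return the reasons an event is suspicious; an empty list means it passed."""
    reasons = []
    if event.image not in ALLOWED_IMAGES:
        reasons.append(f"image not on allowlist: {event.image}")
    if event.image in ADMIN_TOOLS:
        if event.user not in ADMIN_ACCOUNTS:
            reasons.append(f"admin tool run by non-admin account: {event.user}")
        if outside_business_hours(event.when) and event.user not in SCHEDULED_ACCOUNTS:
            reasons.append(f"admin tool outside business hours: {event.image} at {event.when:%H:%M}")
    for path in script_paths(event.command_line):
        if path.lower() not in APPROVED_SCRIPTS:
            reasons.append(f"unauthorized script: {path}")
    return reasons


def scan(lines: list[str]) -> list[tuple[ProcessEvent, list[str]]]:
    """Parse and evaluate every line, keeping only events that raised alerts."""
    findings = []
    for line in lines:
        event = parse_event(line)
        reasons = evaluate(event)
        if reasons:
            findings.append((event, reasons))
    return findings


# Constructed sample events, not real telemetry.
SAMPLE_LOG = [
    "2024-10-08T09:15:00|alice|WS01|outlook.exe|outlook.exe",
    r"2024-10-08T02:40:00|svc_backup|FS01|powershell.exe|powershell.exe -File C:\Scripts\nightly-backup.ps1",
    r"2024-10-08T03:12:00|bob|WS07|powershell.exe|powershell.exe -File C:\Users\Public\update.ps1",
    "2024-10-08T10:05:00|bob|WS07|netsh.exe|netsh.exe advfirewall show allprofiles",
    "2024-10-08T11:30:00|carol|WS03|updater.exe|updater.exe /quiet",
]

if __name__ == "__main__":
    for event, reasons in scan(SAMPLE_LOG):
        print(f"{event.when:%Y-%m-%d %H:%M} {event.host} {event.user}: {'; '.join(reasons)}")
```

Run on the sample, the nightly backup job passes because its account is expected to run an approved script after hours, while the 03:12 PowerShell launch by a regular user raises three separate reasons. Exceptions like the scheduled-account set should stay narrow: every account you exempt from the after-hours rule is one an intruder can use without tripping it, so pair such exemptions with the script allowlist rather than relying on either alone.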
Stay up to date with the latest cybersecurity threats
Advanced persistent threats often take advantage of the latest vulnerabilities. Staying up to date with the threat and vulnerability landscape can help you defend against APTs. As threats evolve, make sure your security policies take into account the latest attacks and security best practices.
Resources like the National Vulnerability Database (NVD) help you find known vulnerabilities so you can fix them. Search for the systems and software you use, see if there are any known vulnerabilities for them, and then determine whether you can patch them.
Explore the 6 best cybersecurity tools to prevent cyber attacks.
Apply security best practices
Strengthening or enhancing your existing security posture is one of the best ways to mitigate APTs. Make sure your security strategy includes these practices:
Patch vulnerabilities: Regularly check for vulnerabilities and patch them as soon as possible to remove potential entry points for threat actors.
Set strong access control: Use comprehensive identity and access management, including role-based access and multi-factor authentication.
Use anti-phishing tools: APTs may use phishing, especially spear phishing, to gain a foothold in your networks. Anti-phishing tools can filter suspicious emails and add an extra layer of security.
Mitigate APTs with security skills and Zero Trust
Whether it's Volt Typhoon or another threat, when it comes to preventing advanced persistent threats, a Zero Trust approach will never steer you wrong. Strengthen your security fundamentals, stay up to date with the latest attacks (within reason), and always verify activity, identity, and authorization before granting access.
Discover more ways to defend your org from Volt Typhoon and other APTs.
Short on security skills in your org? Learn how to solve the cybersecurity skills gap.