[Security Information] 360 Security Brain release: 2020 Global Advanced Persistent Threat (APT) Research Report

  • Source|360
  • Release time|2021-02-09

Recently, 360 Security Brain released the "2020 Global Advanced Persistent Threat APT Research Report" (hereinafter referred to as the "Report"). Taking both domestic and global cyber security construction as its basis, the report integrates 360 network security big data, the annual research of 360 Advanced Threat Research, and third-party public intelligence data. It assesses the overall situation of global advanced persistent threats in 2020, and presents exclusive views and security situation analysis that reveal the future development trend of global APT.

Sea lotus, vine flower, rattlesnake, poisonous cloud vine... APT organizations with complex backgrounds are frequently active;

Medical, military, aerospace... important domestic units are frequently attacked by APT organizations;

Epidemic topics, remote office, supply chain... APT attack techniques and tactics are becoming more diversified and more precise;

In an era of APT "disaster", what plans are needed to prepare for it?


Distribution of affected industries in China in 2020

The "2020 Global Advanced Persistent Threat APT Research Report" shows that China was still the main victim of APT attacks in 2020, and attacks against China continue to rise. Government, defense and military-related units are the key targets. Given the current complex network security environment, it is urgent to treat security as a prerequisite for development, and building a new generation of security capability systems will become one of the necessary conditions for building the digital age.

"2020 Global Advanced Persistent Threat APT Research Report": A comprehensive inventory of APT attacks against China

With China having become the main victim of APT attacks, the report focuses on APT attacks against China, traces the sources behind the organizations, and analyzes the threat situation of APT attacks.

(1) Four active regions: South Asia, Southeast Asia, East Asia and Eastern Europe

After a multi-dimensional, comprehensive assessment of the activity of APT organizations in 2020, the report shows that APT attacks against China are most active in South Asia, Southeast Asia, East Asia, and Eastern Europe. The related attacks involve Chinese government, education, and defense industry units, and attacks on IT vendors and the medical industry have risen sharply.

(2) Ten active organizations: aiming at government, enterprise and military research

In 2020, 360 Security Brain disclosed a total of 23 APT organizations involved in global attacks, of which 13 launched attacks against China, including 4 organizations disclosed for the first time. After comprehensively evaluating the activity of the related attacks, 360 Security Brain compiled a top 10 ranking of the APT organizations that launched attacks against China in 2020. In terms of the industries involved, APT attacks have tended to target government, enterprises, and the military industry.


"2020 Global Advanced Persistent Threat APT Research Report": APT threats are increasing under the influence of the global COVID-19 epidemic

The "2020 Global Advanced Persistent Threat APT Research Report" specifically points out that the threat of APT attacks has increased under the influence of the global COVID-19 epidemic. 360 Security Brain data shows that, up to now, 44 APT organizations with backgrounds in other countries have been discovered, and more than 3,000 national-level cyber attacks against China have been monitored. In 2020, 360 Security Brain disclosed a total of 23 APT organizations involved in global attacks, of which 13 targeted China, including 4 organizations that were disclosed for the first time.

The report specifically emphasizes that APT attacks against China continued to rise in 2020, and China is still the main victim of APT attacks.

At the same time, the global APT activities in 2020 present the following six major trends:

  • Attacks against China have continued to rise compared with last year;
  • The global COVID-19 epidemic affects the trend of APT activities;
  • Internet of Things devices have become a new combat-readiness resource for APT;
  • Suppliers have become the security weak point of the entire industry;
  • APT attacks against mobile platforms continue;
  • The confrontation between APT organizations and security agencies is getting fiercer.

APT attack activity is frequent, and attack techniques and tactics also show new trends. The report shows that Supply Chain Compromise, Create or Modify System Process, Process Injection, Command and Scripting Interpreter, OS Credential Dumping, Remote Services, Exfiltration Over C2 Channel, Protocol Tunneling, Software Discovery, and Hijack Execution Flow have become the current ten core ATT&CK techniques and tactics.

At the same time, the report summarizes the attack techniques and tactics of 2020 into five major characteristics:

  • Attacks exploiting 0day vulnerabilities continue to be active;
  • Under the influence of the epidemic, VPN has become a new entry point for border breakthroughs;
  • Control infrastructure;
  • Security software has become a key medium for lateral movement;
  • Changing trends in command and control technology.

On the whole, governments and the national defense and military industries are the primary targets of APT attacks on a global scale. In 2020, the most serious supply chain attack in global history occurred, leading to the compromise of hundreds of important core organizations in 31 countries. With the rapid development of 5G and Internet of Things technology, APT attacks that are generalized, normalized, and technically complex have become a serious challenge for digital construction in various fields.

"2020 Global Advanced Persistent Threat APT Research Report": Predicting the trend of APT in 2021, what plans are there to prepare?

The global spread of the epidemic has affected international relations and the international order in multiple dimensions. Antagonism in the security order has become prominent, and overall strategic competition between all parties has intensified. The threat of APT attacks stimulated by this has intensified further. The report points out that APT threats focusing on remote office breakthroughs, attacks themed on the COVID-19 epidemic, and the theft of anti-epidemic reports from the medical industry have all intensified.

Based on various factors, 360 Security Brain gives the following seven predictions for the development trend of APT in 2021:

  • For national-level cyber attacks against China, the number of APT organizations and their attack activity may exceed this year's;
  • Attacks themed on the COVID-19 epidemic will continue to be active;
  • Attacks involving remote office infrastructure will become more frequent;
  • Supply chain attacks with suppliers as the core target will become the mainstream norm;
  • Attacks will continue to closely follow political and economic hotspots and events, focusing on cyber espionage;
  • There will be more and more unknown APT organizations, and attribution needs long-term, continuous research and judgment;
  • Targeted extortion attacks intended to destroy and steal secrets will continue to appear.

During the "14th Five-Year Plan" and the process of building toward the long-term goals for 2035, APT threats are likely to penetrate into new technology fields, and concentrated attacks may occur, especially when certain technologies reach important, prominent moments. At the same time, the "2020 Global Advanced Persistent Threat APT Research Report" emphasizes that, with the emergence of more and more unknown APT organizations, the attribution of APT organizations will require long-term and continuous research, judgment and tracking.


From sea lotus, vine flower and rattlesnake to poisonous cloud vine, various APT organizations with complex backgrounds are frequently active and disturb the peace of the digital and even the physical world. Under the threat of complex global APT attacks, traditional network security construction can no longer effectively hold the security line of defense.



Origin blog.csdn.net/YiAnSociety/article/details/113863371