To begin with, I am not an expert on this subject. I came across an article from McAfee that explains what a stealth attack is and how to counter it. This post is based on what I could understand from that document, and it invites you to discuss the topic so that we all benefit.
What is a stealth attack
In one line, I would define a stealth attack as one that goes unnoticed by the target computer. Both websites and attackers have ways of querying the computer you are using, but there is a difference: websites use the browser and JavaScript to gather information about you, whereas stealth attacks are mostly carried out by real people working against a chosen target. Gathering information through the browser is called browser fingerprinting; I will cover that in a separate post so that this one can focus only on stealth attacks.
A stealth attack can involve a live attacker sending and requesting packets on your network to find a way past its defences. As soon as those defences are compromised, in other words as soon as the attacker has access to your network, they use that access for a short period to their advantage and then remove every trace of the compromise. In this case the main focus is on erasing the evidence of the attack so that it stays unnoticed for a long time.
The following example, taken from the McAfee white paper, describes stealth attacks in more detail:
“A covert attack works quietly, hiding evidence of the attacker’s actions. In Operation High Roller, malware scripts corrected bank statements that the victim could view, providing false balances and eliminating signs of a fraudulent transaction by the criminal. By hiding the evidence of the deal, the criminal managed to cash out the money.”
Methods used in stealth attacks
In the same white paper, McAfee discusses five methods a stealthy attacker can use to compromise a network and gain access to your data. I have listed the five methods here with a summary of each:
- Evasion: This appears to be the most common form of stealth attack. It involves evading the security measures you use on your network: the attacker operates outside or beneath the operating system, so the anti-malware and other security software on your network never sees the activity.
- Targeted attack: As the name suggests, this type of attack targets the network of a specific organization. One example given is AntiCNN.exe. The white paper only mentions its name; from what I could find on the Internet, it looked more like a voluntary DDoS (Distributed Denial of Service) attack. AntiCNN was a tool developed by Chinese hackers and handed out to the public so that volunteers could take part in flooding CNN’s website (Link: Dark Visitor).
- Dormancy (sleep mode): The attacker plants malware and then waits for a profitable moment to activate it.
- Determination: The attacker keeps trying until they gain access to the network.
- Sophistication: The technique involves generating noise as cover while the malware enters the network.
Because attackers are generally a step ahead of the security products available to the general public, their stealth attacks succeed. The white paper adds that the people in charge of network security are not particularly concerned with stealth attacks, because the general tendency is to fix problems after the fact rather than to prevent or counter them.
How to counter or prevent stealth attacks
One of the best solutions suggested in the McAfee white paper is to build real-time, next-generation security systems that act on traffic as it happens rather than responding after the damage is done. That means keeping track of every network entry point and evaluating data transfers to check that the network only communicates with the servers and nodes it should. In today’s BYOD, bring-everything environments there are far more entry points than in the closed networks of the past, which relied only on wired connections. Security systems must therefore be able to inspect wired and, especially, wireless entry points.
Another method, used together with the above, is to make sure your security system includes components that can detect rootkits. Rootkits pose a serious threat because they load before your security software does, and because they remain dormant until “the time to attack” has come, they are hard to detect. You need to tune your security systems so that they can pick up such scenarios.
Finally, good analysis of network traffic is required. Collecting connection data over time to build a baseline, and then checking outgoing connections for unknown or unwanted addresses, can go a long way toward countering or preventing stealth attacks.
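To make the last two points concrete, here is an added example of the kind of check described above: it is not from the McAfee white paper or the original post, and the log format, the sample connection records and the list of expected destinations are all constructed for illustration. It builds a baseline of allowed destinations, flags outbound connections to addresses outside that baseline, and additionally looks for flows that connect at a steady interval, which is the pattern dormant malware produces when it wakes up to phone home.

```python
"""Egress baseline check over constructed connection-log lines.

Added example, not code from the McAfee white paper or the original post.
The log format, sample records and ALLOWED_DESTINATIONS are assumptions made
for illustration; replace them with data exported from your own gateway.
"""
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed sample of outbound connection records (not a real capture).
# Note the 10.0.0.22 flow: same destination every ten minutes, same size.
SAMPLE_LOG = """\
2024-05-01T09:00:01 src=10.0.0.15 dst=93.184.216.34 dport=443 bytes=5120
2024-05-01T09:00:05 src=10.0.0.15 dst=10.0.0.5 dport=53 bytes=120
2024-05-01T09:00:10 src=10.0.0.22 dst=203.0.113.77 dport=8443 bytes=310
2024-05-01T09:10:10 src=10.0.0.22 dst=203.0.113.77 dport=8443 bytes=310
2024-05-01T09:20:10 src=10.0.0.22 dst=203.0.113.77 dport=8443 bytes=310
2024-05-01T09:30:10 src=10.0.0.22 dst=203.0.113.77 dport=8443 bytes=310
2024-05-01T09:15:00 src=10.0.0.31 dst=198.51.100.9 dport=80 bytes=99000
"""

# Assumed baseline: destinations this network is expected to talk to,
# learned over time as the post suggests (internal range plus one web host).
ALLOWED_DESTINATIONS = ["10.0.0.0/8", "93.184.216.34"]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)


def parse_log(text):
    """Parse connection records into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"],
            "dst": m["dst"],
            "dport": int(m["dport"]),
            "bytes": int(m["bytes"]),
        })
    return records


def find_unknown_destinations(records, allowed):
    """Return the set of destination addresses not covered by the baseline."""
    nets = [ip_network(a, strict=False) for a in allowed]
    unknown = set()
    for r in records:
        dst = ip_address(r["dst"])
        if not any(dst in n for n in nets):
            unknown.add(r["dst"])
    return unknown


def find_beacons(records, min_hits=3, tolerance_s=5.0):
    """Flag (src, dst, dport) flows seen at least min_hits times at a steady
    interval. Returns (src, dst, dport, interval_seconds) tuples."""
    by_flow = defaultdict(list)
    for r in records:
        by_flow[(r["src"], r["dst"], r["dport"])].append(r["ts"])
    beacons = []
    for (src, dst, dport), stamps in sorted(by_flow.items()):
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        typical = median(gaps)
        # A regular gap between connections is what a sleeping implant produces.
        if all(abs(g - typical) <= tolerance_s for g in gaps):
            beacons.append((src, dst, dport, typical))
    return beacons


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("unknown destinations:", sorted(find_unknown_destinations(recs, ALLOWED_DESTINATIONS)))
    for src, dst, dport, interval in find_beacons(recs):
        print(f"possible beacon: {src} -> {dst}:{dport} every {interval:.0f}s")
```

On the sample above the unknown-destination check surfaces both 203.0.113.77 and 198.51.100.9, and the beacon check singles out the 10.0.0.22 flow because its four connections are exactly ten minutes apart. In practice the baseline should be built from weeks of data and the tolerance widened, since real implants add jitter to their sleep timers precisely to defeat this kind of regularity check.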
This is what I learned from the McAfee white paper linked below; if you have more information on what a stealth attack is and how to prevent it, please share it with us.