What is A Stealth Attack
In one line, I would define a stealth attack as one that remains undetected by the client computer. Both websites and hackers use techniques to query the computer you are using. Websites rely on the browser and JavaScript to collect information about you, whereas stealth attacks are mostly carried out by real people. Using the browser to collect information is termed browser fingerprinting, and I'll cover it in a separate post so that we can focus only on stealth attacks here. A stealth attack could be an active person observing the data packets going to and from your network in order to find a way to compromise its security. Once the security is compromised, in other words once the hacker gets access to your network, the person uses that access for a short period of time for his own gains and then removes all traces of the network having been compromised. The focus, in this case, is on removing the traces of the attack so that it remains undetected for as long as possible. The following example quoted in the McAfee whitepaper will further explain stealth attacks:
Methods Used In Stealth Attacks
In the same whitepaper, McAfee describes five methods that a stealth attacker may use to compromise a network and gain access to your data. I have listed those five methods here with a summary: Because hackers are always a step ahead of the security systems available on the market to the general public, they succeed at stealth attacks. The whitepaper states that the people responsible for network security are not much concerned about stealth attacks, as the general tendency is to fix problems after they occur rather than to prevent or counter them.
How to Counter or Prevent Stealth Attacks
One of the best solutions suggested in the McAfee whitepaper on stealth attacks is to build real-time, next-generation security systems that do not respond to unsolicited messages. That means keeping an eye on each entry point of the network and assessing the data transfer to see whether the network is communicating only with the servers and nodes it should. In today's environments, with BYOD and the like, there are many more entry points than in the closed networks of the past that relied only on wired connections. The security systems should therefore be able to check both wired and, especially, wireless network entry points.
Another method, to be used together with the above, is to make sure your security system can scan for rootkits. Because rootkits load before your security software, they pose a serious threat, and since they stay dormant until "the time is ripe for an attack", they are hard to detect. You have to strengthen the security systems that help you detect such malicious code.
Finally, a good amount of network traffic analysis is required. Collecting data over time and then checking for outbound communications to unknown or unwanted addresses can help counter or prevent stealth attacks to a good extent.
This is what I learned from the McAfee whitepaper, whose link is given below. If you have more information on what stealth attacks are and how to prevent them, please share it with us.
References:
CISCO, Whitepaper on Stealth Attacks
The Dark Visitor, More on AntiCNN.exe
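The traffic-analysis countermeasure described above (collect outbound flow data over time, then check for communications to addresses that are unknown or unwanted) can be turned into a concrete check. The Python script below is an added example; it is not from the McAfee whitepaper or from this post's author, and the flow records, host names, allowlist and baseline cutoff date are all constructed for illustration. It builds a per-host baseline of external destinations from a learning window, flags later flows to destinations outside both the baseline and the allowlist, and, going one step beyond the text, also flags connections that recur at a near-constant interval, which is how a dormant implant typically checks in before "the time is ripe".

```python
"""Outbound-traffic baseline check: flag new external destinations and
fixed-interval (beacon-like) connections. Added example with constructed data."""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Constructed flow records (not captured traffic): timestamp, source host,
# destination IP, destination port, bytes sent. The documentation ranges
# 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 stand in for public addresses.
SAMPLE_FLOWS = """\
2024-03-01T09:00:00 ws-017 203.0.113.10 443 1200
2024-03-01T09:05:00 ws-017 203.0.113.10 443 800
2024-03-01T10:00:00 ws-017 198.51.100.25 443 5000
2024-03-02T09:10:00 ws-017 203.0.113.10 443 900
2024-03-02T11:00:00 ws-017 10.0.0.5 445 300
2024-03-02T15:00:00 ws-042 198.51.100.25 443 2200
2024-03-03T02:13:00 ws-017 192.0.2.77 8443 640
2024-03-03T02:43:00 ws-017 192.0.2.77 8443 610
2024-03-03T03:13:00 ws-017 192.0.2.77 8443 655
2024-03-03T09:00:00 ws-042 198.51.100.25 443 2100
2024-03-03T12:00:00 ws-042 198.51.100.77 443 400
"""

# Address ranges treated as internal; anything else counts as an outbound destination.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Assumption: a known-good destination list maintained by the network team.
ALLOWLIST = {("198.51.100.77", 443)}
# Assumption: flows before this timestamp form the learning window.
BASELINE_END = datetime(2024, 3, 3)


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, port, nbytes = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "host": host,
                      "dst": dst, "port": int(port), "bytes": int(nbytes)})
    return flows


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def build_baseline(flows, cutoff):
    """Per-host set of (dst, port) pairs seen going outbound during the learning window."""
    baseline = defaultdict(set)
    for f in flows:
        if f["ts"] < cutoff and not is_internal(f["dst"]):
            baseline[f["host"]].add((f["dst"], f["port"]))
    return baseline


def find_unknown_destinations(flows, baseline, cutoff, allowlist):
    """Flows after the cutoff to external destinations a host never used before
    and that are not allowlisted. Returns {host: {(dst, port): (count, bytes)}}."""
    alerts = defaultdict(dict)
    for f in flows:
        if f["ts"] < cutoff or is_internal(f["dst"]):
            continue
        key = (f["dst"], f["port"])
        if key in allowlist or key in baseline.get(f["host"], set()):
            continue
        count, total = alerts[f["host"]].get(key, (0, 0))
        alerts[f["host"]][key] = (count + 1, total + f["bytes"])
    return dict(alerts)


def beacon_candidates(flows, min_hits=3, max_jitter=0.2):
    """(host, dst, port, mean_gap_seconds) for outbound series of at least
    min_hits flows whose gaps vary by no more than max_jitter of the mean."""
    series = defaultdict(list)
    for f in flows:
        if not is_internal(f["dst"]):
            series[(f["host"], f["dst"], f["port"])].append(f["ts"])
    found = []
    for key, stamps in series.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and (max(gaps) - min(gaps)) / mean <= max_jitter:
            found.append((*key, mean))
    return found


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    baseline = build_baseline(flows, BASELINE_END)
    for host, dests in find_unknown_destinations(flows, baseline, BASELINE_END, ALLOWLIST).items():
        for (dst, port), (count, nbytes) in dests.items():
            print(f"NEW DESTINATION {host} -> {dst}:{port} ({count} flows, {nbytes} bytes)")
    for host, dst, port, gap in beacon_candidates(flows):
        print(f"BEACON-LIKE {host} -> {dst}:{port} every {gap:.0f}s")
```

On the constructed data, ws-017's three night-time connections to 192.0.2.77:8443 are reported twice: once because that destination never appeared in the baseline, and once because the connections arrive exactly 30 minutes apart. ws-042's new destination is suppressed by the allowlist. A real deployment would feed this from flow exports or proxy logs, rebuild the baseline on a rolling window, and tune `min_hits` and `max_jitter` to the noise level of the environment.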