Archives

Advanced Persistent Threats (APTs)

One of the biggest challenges on the minds of many information security officers is infiltration by advanced persistent threats (APTs). This refers to the stealthy online infiltration in order to steal valuable intellectual property. The reality of these threats to do major damage is forcing organizational IT departments to rethink network security.

What’s an APT?

An advanced persistent threat (APT) is a cybercrime category that aims for business and political targets. APTs require a high degree of stealth over a prolonged period of time in order to be successful. The objective of the attack is to compromise a system over the long term, as affected systems continue to be of service to the organization, even after the breach and once the initial goals have been reached.

Another way to understand APTs is outlined below:

  • Advanced – Criminal attackers behind the threat use the full spectrum of computer intrusion techniques and technologies. Although the individual components of the attack may not be defined as especially advanced, the attackers can usually access and develop more advanced tools as necessary. Attackers will also combine a number of different attack methodologies and tools in order to gain access to and compromise their target victims.
  • Persistent – Attackers will give priority to a specific task, instead of immediate financial gain. This means that the attackers are most likely guided by external entities. These targeted attacks are carried out through continuous monitoring and interaction. Rather than a constant stream of attacks and malware updates, these attacks will often take a “low-and-slow” approach (see below for more information).
  • Threat – This indicates a high level of coordinated human involvement in the attack, as opposed to a mindless/automated piece of code. Attackers have a precise objective and are often highly skilled, motivated, organized and well-funded.

APTs effective breach enterprises through a number of vectors, despite the presence of well-designed and maintained defense strategies. The following is a brief outline of APT attack vectors:

  • Internet-based malware infection
    • Drive-by downloads
    • Email attachments
    • File sharing
    • Pirated software and keygen
    • Spear phishing
    • DNS and routing mods
  • Physical malware infection
    • Infected USB memory sticks
    • Infected CDs and DVDs
    • Infected memory cards
    • Infected appliances
    • Backdoored IT equipment
  • External exploitation
    • Professional hacking
    • Mass vulnerability exploits
    • Co-location host exploitation
    • Cloud provider penetration
    • Rogue Wi-Fi penetration
    • Smartphone bridging

“Low-and-Slow” Approach

A significant feature of APTs is that they remain invisible for as long as possible. Attackers using APT technologies tend to leverage “low-and-slow” approaches, meaning that they stealthily move from one compromised host to another, without generating regular or predictable network traffic. They use this approach to hunt for their specific data or system objectives.

Increasing Attacks

According to a recent Cisco white paper entitled “Email Attacks: This Time it’s Personal,” it appears that more and more attackers are swapping widespread malicious email campaigns for more targeted attacks which employ APT techniques:

“Cybercriminals are balancing competing priorities: Infect more users or keep the attack small enough to fly under security vendors’ radar? Spear phishing attack campaigns are limited in volume but offer higher user open and click-through rates… This is why the average value per victim can be 40 times that of a mass attack.”

The report went on to estimate that the returns for mass email-based attacks have gone from $1.1 billion per year in June 2010, to $500 million annually in June 2011. In the same period, daily spam volume fell from 300 billion messages per day to 40 billion messages per day.

Summary

An advanced persistent threats (APTs) are increasingly being used to compromise high-profile business and political targets over the long term. Such targeted attacks resort to stealthy online infiltration in order to steal valuable intellectual property. The reality of these threats to do significant damage on their targets is forcing organizational IT departments to rethink network security.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:

  • Unplanned Data Disclosure (I.B.g.)
  • Security Safeguards (I.G.e.)
  • Privacy Concerns – Organizational Practices (II.A.b.)
  • System Monitoring (II.A.l.)
Share

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>