You may think that Advanced Persistent Threats (APTs) are confined to cyber espionage between nation states, as was the case with GhostNet. Not anymore - APTs are threats every organisation needs to know about, since they are now commonly used to steal prized industrial and commercial data. The nature of malware attacks has also changed, with the focus shifting from many hacks on many targets to fewer hacks on bigger targets for bigger rewards.
In this series, we look at the key elements of Advanced Persistent Threats – social engineering, custom Trojans and beaconing – and examine in detail:
• What makes APT attacks so hard to detect and stop;
• What types of organisations and data are likely targets;
• Why conventional IT security defences aren’t much help;
• What organisations can do to protect themselves.
WHAT ARE APTs?
Advanced Persistent Threat attacks are targeted, long-lasting campaigns that combine some or all of the following elements:
• Social engineering and spear-phishing techniques to infiltrate organisations;
• Custom-built Trojans, written for the target rather than reused from mass malware, so that signature-based security systems have nothing to match;
• Beacons that ‘call home’ to the attackers’ command-and-control servers at regular intervals, fetching further instructions and tools (‘reinforcements’) and carrying out exfiltrated information;
• Stealth - so the attack isn’t detected at the time, or possibly ever; and
• Residual elements such as a backdoor or a rootkit that remains undetected (persists) and secures future access.
This combination gives cyber criminals greater access with a lower chance of detection than other types of attack and, once inside your organisation, lets them establish a foothold for stealing information for as long as they like.
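Beaconing is the one element in the list above that is visible from the network even when the Trojan itself is custom and unknown: a compromised host contacts the same external destination again and again, at near-constant intervals and with near-constant request sizes. The following is an added example, not code from the original article, showing how that regularity can be scored from proxy logs. The log format (`<epoch> <src_ip> <dst_host> <bytes>`), the hostnames and the sample lines are all constructed for the example, and the thresholds are illustrative assumptions rather than tuned values.

```python
"""Beacon detection over constructed proxy log lines.

Added example; not from the original article.  The log format, the hosts
and the thresholds are assumptions made for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 contacts cdn.example-update.net roughly every
# 300 s with a tiny request; 10.0.0.7 browses at irregular intervals.
SAMPLE_LOG = """\
1700000000 10.0.0.5 cdn.example-update.net 512
1700000120 10.0.0.7 news.example.org 18234
1700000301 10.0.0.5 cdn.example-update.net 514
1700000333 10.0.0.7 news.example.org 2201
1700000599 10.0.0.5 cdn.example-update.net 511
1700000840 10.0.0.7 mail.example.org 9001
1700000902 10.0.0.5 cdn.example-update.net 513
1700001199 10.0.0.5 cdn.example-update.net 512
1700001250 10.0.0.7 news.example.org 44000
1700001501 10.0.0.5 cdn.example-update.net 515
1700001700 10.0.0.7 news.example.org 1200
"""


def parse_log(text):
    """Parse lines of the hypothetical format '<epoch> <src_ip> <dst_host> <bytes>'."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, size = line.split()
        records.append((int(ts), src, dst, int(size)))
    return records


def regularity(values):
    """Coefficient of variation (population stdev / mean); 0.0 is perfectly regular."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")


def find_beacons(records, min_connections=5, max_interval_cv=0.10, max_size_cv=0.10):
    """Group connections by (src, dst) and flag pairs whose inter-connection
    intervals and request sizes are both near-constant.

    The thresholds are illustrative assumptions: real beacons add jitter and
    padding, so production rules are tuned per environment and combined with
    other signals (destination reputation, user agent, time of day).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, size in records:
        by_pair[(src, dst)].append((ts, size))

    hits = {}
    for pair, conns in by_pair.items():
        if len(conns) < min_connections:
            continue  # too few observations to judge periodicity
        conns.sort()
        times = [t for t, _ in conns]
        sizes = [s for _, s in conns]
        intervals = [b - a for a, b in zip(times, times[1:])]
        interval_cv = regularity(intervals)
        size_cv = regularity(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            hits[pair] = {
                "connections": len(conns),
                "mean_interval_s": round(mean(intervals), 1),
                "interval_cv": round(interval_cv, 3),
                "size_cv": round(size_cv, 3),
            }
    return hits


if __name__ == "__main__":
    for (src, dst), info in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon: {src} -> {dst} {info}")
```

On the constructed sample only the 10.0.0.5 to cdn.example-update.net pair is reported (six connections, mean interval 300.2 s, interval CV under 0.01); the browsing host has irregular gaps and widely varying sizes and is left alone. The same scoring applies to DNS or firewall logs once they are parsed into (time, source, destination, size) records.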
WHY ARE THEY SUCCESSFUL?
What makes these Advanced Persistent Threats so dangerous is that they’re very hard to detect; in fact the theft of prized information can go undetected for months or even years. A recent example is ‘Operation Shady RAT’, thought to have been sponsored by a foreign state. Over a five-year period the attackers broke into 72 organisations across the US, Canada, Taiwan, India, South Korea and Vietnam, including the UN and the International Olympic Committee. Attackers like these also don’t give up: some of the ‘Shady RAT’ intrusions persisted for up to two years.
Evidence that APT attacks have expanded beyond stealing industrial or government secrets is compelling and recent. In the attacks on Sony’s gaming and entertainment networks, the prize was its huge database of customer information.
The break-ins at email service providers Silverpop and Epsilon in 2011 had a similar target: the email databases of their clients, which included Citigroup, Walgreens, Marks & Spencer and Dell Australia. Thefts like these equip the attackers with thousands or even millions of individual email addresses, which open the door for future targeted spear-phishing campaigns with big rewards.