Defending Your Organization Against Advanced Persistent Threats (APTs)

Monday December 18, 2017

The threat landscape has seen the rise of hacktivism and the quest for greater profits from crime. This has given rise to advanced persistent threats (APTs), one of the most covert targeted attacks employed by cybercriminals. APTs do the following:

  • use multiple routes and entry points to break into an organization’s network; and
  • remain undetected for an extended period, in order to achieve their criminal intent, which is to steal highly sensitive data, or to weaken or immobilize the intended targets.

In other words, APTs are covert, persistent and continuous hacking. For a targeted company, this can translate to losses of millions of dollars, trade secrets and competitiveness.

Many organizations have fallen victim to these attacks, including global technology firms, financial services, military and defense entities. The threat actors typically include state-sponsored groups and cyber mercenaries. Different means are used to infiltrate the targeted networks, such as social engineering and malware that exploits zero-day vulnerabilities. However, based on recent APT trend reports[1], these groups are also utilizing supply chain attacks, masquerading as legitimate software and exploiting back doors into critical software. Despite the predominantly targeted nature of APTs, the range of victims underlines that no industry or organization is immune.

In the last two decades, there have been many prominent APTs (for example those identified in Table 1) which have undermined the security controls of many well-established organizations. The method and nature of the APTs underline the incendiary nature of these attacks.

Table 1: Examples of APTs

| APT | Method of Attack | Targets/Victims | Impact |
|---|---|---|---|
| Titan Rain | Exploited social engineering attacks on selected individuals; known to be ongoing for at least 3 years | US defense contractors, including Lockheed Martin, Sandia National Labs, Redstone Arsenal, and NASA | Undisclosed but likely to be losses of sensitive data, company secrets |
| Stuxnet | First malware to subvert industrial process systems; contained four different zero-day exploits; programmed to erase itself on a specific date | Specifically targeted Siemens industrial software and equipment, and contained safeguards to limit the spread of the infection | Substantial damage to critical infrastructure, i.e. the centrifuges at the Natanz nuclear enrichment laboratory in Iran |
| Operation Aurora | Targeted and modified source code repositories; the series of attacks lasted several months | Targeted technology companies, including Google, Adobe Systems, Juniper Networks; financial services, defense contractors, security vendors and energy services companies | Large quantities of intellectual property stolen, resulting in substantial losses in competitiveness |

The nature of APT requires comprehensive, dynamic and proactive solutions that permeate all levels of the organizational and IT infrastructure including the people. It is necessary to adopt up-to-date strategies, technologies, practices and policies that involve:

  • assessing the environment to identify areas of vulnerability in the people, processes or systems;
  • securing the organizational and IT infrastructure, including all groups that interface with the organization’s system;
  • detecting and containing any APTs;
  • assessing the extent of any breach;
  • recovering from any breach; and
  • developing improved resilience through continued investments in the people, process and technologies.

Wilson Consulting Group (WCG) has the expertise and the resources to assist your organization in:

  • preparing for an APT; and
  • providing targeted solutions to assist you in securing your environment.

The WCG team consists of experienced professionals who have assisted many other organizations in preparing their environment and recovering from a breach. Some of the services offered include:

  1. an assessment of your current information security posture;
  2. an analysis of how effectively the organizational infrastructure can meet specific security objectives;
  3. the utilization of analytics tools to provide insightful analysis and forensics from the organizational data;
  4. cybersecurity training and development, which is geared towards the specific needs of your organization.

Let us assist you in safeguarding your data and information assets.

[1] APT Trend Report Q3 2017, https://securelist.com/apt-trends-report-q3-2017/83162/
