More than just a single hacker or thief trying to take advantage of your business or steal information about your customers or products, the Advanced Persistent Threat is the super-villain of the hacking world and needs to be prepared for accordingly.
Defining the Advanced Persistent Threat (APT)
An APT or Advanced Persistent Threat is a sophisticated and coordinated network attack that allows an invader to access a network and to remain there, undetected, for a significant amount of time. The typical attacker has a goal of stealing data; APT attackers often set their sights on businesses and organizations with valuable secure data. An APT attacker often targets government agencies, financial institutions and other businesses dealing with high-value information.
The Navy recently detailed the five stages of a cyber intrusion.
A recent piece in Wired magazine highlighted the growing number of Romanian cyber criminals who have focused on stealing from US consumers at a rate of over $1 trillion each year. Unlike the stereotypical hacker who lives and works in his mom’s basement, these cybercriminals have learned to band together and collaborate. These collaborations in Romania and around the world allow a team of criminals to work together, increasing their potential gains while reducing their risk of prosecution by local law enforcement.
While these cybercriminals cause headaches for consumers, they rarely launch large-scale attacks against business organizations. State-sponsored espionage teams often engage in the same sort of collaborative efforts as their consumer-swindling counterparts but focus on long-term gain and results. These organizations are often identified as Advanced Persistent Threats, and as the name indicates, they are both skilled at infiltration and likely to make repeated attempts to damage your organization.
Since APTs are shrouded in secrecy and their operations vary, learning more about how they operate and how they have impacted other organizations can help you protect your business from this particular brand of criminal.
Recent APT Attacks in the News
- Anthem Health Insurance was targeted by hackers, and authorities believe that the attackers may have had access to the system for over six months before they were discovered. Malware and a series of faked domain names opened the door into the network, though the actual entry point is unknown. In all, hackers were able to operate within the network for eight weeks before being discovered and they were discovered by accident.
- In 2015, the US Office of Personnel Management was breached, and hackers stole multiple terabytes of confidential information. The breach impacted over 20 million individuals, as the hackers were able to identify defense contractor users and target the specific systems they were operating.
- Sony lost large amounts of data in 2014, including unreleased movies, private information, data about roughly 6,000 employees and various other pieces of confidential information. According to the FBI, only about 10% of organizations would have been prepared to withstand this malicious attack.
How an APT Attacker Gets Into Your Network
- The attacker researches the target organization thoroughly, focusing on the people who work there in the hope of exploiting someone for information. Once a few targets have been identified, the APT hacker launches a phishing attack to gain credentials or access to the network.
- Once inside, the attacker explores the network and begins to slowly remove or export information. If service disruption is a goal, then the attacker may also attempt to disrupt operations or even cause physical damage to the organization.
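The two stages above leave traces a defender can look for: the phishing stage tends to involve lookalike domains (the Anthem case above mentions faked domain names), and the "slowly remove or export information" stage shows up as many small uploads to an unfamiliar destination that no single-event alert would catch. The script below is an added example written for this post, not code from the post or any vendor it mentions; the proxy log lines, the domains (`example-corp.com`, `cdn-sync.invalid`, `updates.vendor.invalid`) and the byte thresholds are all constructed assumptions. It flags typo-squatted lookalikes of the organization's own domain and sums outbound bytes per host and destination over the whole log window, which is the kind of behavioral monitoring the post recommends later.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample web-proxy log lines (not from any real environment):
# timestamp, internal host, destination domain, bytes sent outbound.
SAMPLE_LOG = """\
2024-03-01T09:12:01 ws-114 mail.example-corp.com 1820
2024-03-01T09:15:44 ws-114 exannple-corp.com 512
2024-03-01T22:10:09 ws-114 cdn-sync.invalid 4800000
2024-03-02T22:11:12 ws-114 cdn-sync.invalid 4900000
2024-03-03T22:09:58 ws-114 cdn-sync.invalid 4700000
2024-03-04T22:12:30 ws-114 cdn-sync.invalid 4850000
2024-03-01T10:02:13 ws-207 mail.example-corp.com 2048
2024-03-02T10:05:40 ws-207 updates.vendor.invalid 12000000
"""

# Hypothetical organization data: its own domain, and destinations known to
# receive large legitimate transfers (update mirrors, backup targets).
LEGIT_DOMAINS = {"example-corp.com"}
APPROVED_BULK_DESTINATIONS = {"updates.vendor.invalid"}

PER_EVENT_LIMIT = 10_000_000  # a naive "big upload" alert threshold, in bytes
WINDOW_LIMIT = 10_000_000     # cumulative bytes per (host, destination) over the log window


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    domain: str
    bytes_out: int


def parse_log(text: str) -> list[Event]:
    """Turn the four-column log format above into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, domain, size = line.split()
        events.append(Event(datetime.fromisoformat(ts), host, domain.lower(), int(size)))
    return events


def registrable(domain: str) -> str:
    """Last two labels of a name, e.g. mail.example-corp.com -> example-corp.com.
    A real deployment would consult the Public Suffix List instead of this shortcut."""
    return ".".join(domain.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typo-squatted lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domains(events, legit=LEGIT_DOMAINS, max_distance=2) -> set[str]:
    """Destinations whose registrable domain is almost, but not exactly, one of ours."""
    flagged = set()
    for e in events:
        reg = registrable(e.domain)
        for good in legit:
            good_reg = registrable(good)
            if reg != good_reg and edit_distance(reg, good_reg) <= max_distance:
                flagged.add(e.domain)
    return flagged


def slow_exfil(events, approved=APPROVED_BULK_DESTINATIONS, window_limit=WINDOW_LIMIT) -> dict:
    """Cumulative outbound bytes per (host, destination) that cross the window limit,
    ignoring our own domains and approved bulk destinations."""
    totals = defaultdict(int)
    for e in events:
        if e.domain in approved or registrable(e.domain) in LEGIT_DOMAINS:
            continue
        totals[(e.host, e.domain)] += e.bytes_out
    return {k: v for k, v in totals.items() if v >= window_limit}


def largest_single_upload(events, domain: str) -> int:
    """Biggest single transfer to a destination: what a per-event rule would see."""
    return max((e.bytes_out for e in events if e.domain == domain), default=0)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("lookalike domains:", sorted(lookalike_domains(evs)))
    for (host, dom), total in slow_exfil(evs).items():
        print(f"slow exfil candidate: {host} -> {dom}: {total} bytes over the window; "
              f"largest single upload {largest_single_upload(evs, dom)} bytes "
              f"(per-event limit {PER_EVENT_LIMIT})")
```

Run against the constructed log, the per-event rule never fires (each nightly upload to `cdn-sync.invalid` is under the 10 MB limit) while the windowed sum does, and the 12 MB transfer to the approved update mirror is correctly left alone. The lookalike check catches `exannple-corp.com` at edit distance 2 from the organization's real domain, which is the kind of name a phishing page would sit on.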
What can be done about Advanced Persistent Threats?
The security industry continues to create new protection and detection methods; these are used to identify possible issues and potential vulnerabilities before the criminal can get in. Various methods are used to shore up the technological side of the equation, but employee education and training is a must if an organization wants to prevent an attack by an APT.
Improve Employee Awareness and Education: Employees are a weak spot and can be easily exploited by any group wishing to harm your organization. Your workers do not have to be malicious to allow an APT attacker to access your system; they can be tricked by phishing scams, faked websites, and other methods. Boosting education and employee awareness of this type of attack can help reduce the risk of human error or malicious activity.
Better yet, monitor your organization’s endpoints so malware can’t execute. It’s possible with managed endpoint detection and response.
Consider BaaS or DRaaS: Both Backup as a Service and Disaster Recovery as a Service make it fast and easy for your brand to recover if you are breached. By having an up-to-date backup in place, you can access your own files and network from a remote location without losing data. When you opt for DRaaS or have a robust recovery plan, you ensure that your business runs without interruption and that you don't lose time and money restoring your full systems on a new network.
Choose Enterprise-Level Anti-Virus Protection: Multi-layered antivirus software and packages can help protect your system; the right AV system will include behavioral analysis and the ability to recognize and remove unknown programs and malware. A consumer solution may not offer the level of security needed to block an APT attack. Since infiltration is only the first step, regular monitoring of the way your systems are accessed via behavioral analysis can help you recognize an intruder and limit the amount of damage they cause.
Manage Devices: Any device that can access your system, including smartphones, tablets, and other mobile devices, also exposes you to risk. The devices allowed to connect to your enterprise can be targeted for infection or data theft, giving an APT attacker a way into your system. Placing limits on data transfer, using encryption, and monitoring the way devices access your system can help cut your risk.
Awareness of the danger is an ideal first step when you want to protect your network from APT attacks. Having an emergency backup plan in place and a robust disaster recovery setup can help you get back to work quickly if the worst happens.