What makes advanced persistent threats (APTs) particularly dangerous? The name says it all. According to Symantec, “APTs are often highly sophisticated and more insidious than traditional attacks, relying on highly customized intrusion techniques.” While APTs differ from traditional threats, they leverage some of the same threat vectors.
They use today's most sophisticated attack methods and technologies, single out high-value targets and work persistently to breach them. They go after the most sensitive information an organization holds: credit card numbers to sell on the black market, and intellectual property for shady manufacturers looking to make cheap knockoff products.
Organizations of All Sizes
To make matters worse, APTs threaten organizations of any size and any type. Any IT manager who thinks his or her organization is safe because APTs hit only large corporations or government agencies is likely to find out the hard way how mistaken this notion is.
Half of all targeted attacks now hit businesses with 2,500 or fewer employees, while the largest growth area for targeted intrusions is among organizations with 250 or fewer workers, according to the Symantec Internet Security Threat Report 2013.
Think about it: Many large organizations have better resources to protect themselves, making midsize and smaller enterprises attractive targets. Smaller companies also may provide inroads into larger partners. So if a foreign government wants details about a new military aircraft, why would it target the Pentagon directly when a vulnerable subcontractor in the supply chain can provide access to the blueprint?
No Silver Bullets
What does it take to stop APTs? Unfortunately, nothing will completely defend against them. But the latest security technologies can mitigate APT risks, starting with two important components.
- Secure endpoints: With the right tools, IT managers can identify and stop many advanced and targeted threats at these critical junctures. Data loss prevention (DLP) technology inspects data leaving the organization, whether by email, web upload or removable media, and blocks transfers that contain sensitive content. Because DLP keys on the data rather than on who is sending it, it catches exfiltration whether the source is malware, an unscrupulous insider or an otherwise trustworthy employee who carelessly emails sensitive data outside the organization or copies it to a USB drive. Blocking links to known malicious sites is a URL-filtering function rather than a DLP function.
- Next-generation firewalls: The best NGFWs have a built-in engine for intrusion prevention and URL filtering to make sure users don’t visit malicious websites. Leading solutions also offer advanced malware detection engines to analyze any file or application at the network gateway to determine its risk level. Learn more about NGFWs in this recent BizTech Magazine post.
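To make the DLP bullet concrete, here is an added example of the kind of content check a DLP engine applies to outbound email and removable-media copies. It is not code from the original article or from any vendor's product; the internal domain name, the user names and the sample events are all constructed for the example. It looks for credit card numbers (the data the article names as a prime APT target) and validates candidates with the Luhn checksum so that an ordinary 16-digit order ID is not flagged, then blocks only when the content is actually leaving the organization.

```python
"""DLP-style content inspection of outbound data.

Added example, not code from the original article or from any vendor's
DLP product. It scans constructed sample events (outbound email and
removable-media copies) for credit card numbers, validates candidates
with the Luhn checksum so that ordinary 16-digit strings such as order
IDs are not flagged, and returns a block/allow decision per event.
"""
import re
from typing import Dict, List

INTERNAL_DOMAIN = "example.com"  # assumed: the organization's own mail domain

# Candidate card numbers: 13-19 digits, optionally separated by spaces
# or dashes, not embedded inside a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample events; the card numbers are well-known public test
# numbers, and the order ID is a 16-digit string that fails Luhn.
SAMPLE_EVENTS = [
    {"channel": "email", "user": "alice", "to": "partner@external.net",
     "body": "Invoice settled with card 4111 1111 1111 1111, thanks."},
    {"channel": "email", "user": "bob", "to": "ops@example.com",
     "body": "Order 1234-5678-9012-3456 shipped today."},
    {"channel": "usb", "user": "carol", "to": "removable:E:",
     "body": "customer export: 5500000000000004;5555555555554444"},
]


def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return Luhn-valid card numbers found in text, as digit strings."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(pan: str) -> str:
    """Keep only the last four digits so the DLP log does not leak what it caught."""
    return "*" * (len(pan) - 4) + pan[-4:]


def leaves_organization(event: Dict[str, str]) -> bool:
    """Removable media always leaves; email leaves unless the recipient is internal."""
    if event["channel"] == "usb":
        return True
    return not event["to"].lower().endswith("@" + INTERNAL_DOMAIN)


def evaluate(event: Dict[str, str]) -> Dict[str, object]:
    """Policy: block sensitive content that is leaving the organization."""
    pans = find_pans(event["body"])
    action = "block" if pans and leaves_organization(event) else "allow"
    return {"user": event["user"], "channel": event["channel"],
            "destination": event["to"], "pans": [mask(p) for p in pans],
            "action": action}


def run_policy(events=SAMPLE_EVENTS) -> List[Dict[str, object]]:
    """Evaluate every event and return the decisions in order."""
    return [evaluate(e) for e in events]


if __name__ == "__main__":
    for result in run_policy():
        print(result)
```

The Luhn check is what keeps a rule like this usable: a bare 16-digit regex fires on order numbers, tracking IDs and phone numbers, and a DLP policy that blocks on those gets switched off within a week. A production engine adds more detectors (account numbers, document fingerprints, classification labels), but the shape of the decision, content match plus egress channel, is the same.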
Train for Success
IT managers shouldn’t overlook the importance of in-depth end-user education. Even an organization with the best security policies and technologies in place is at risk if end users with elevated access rights don’t fully understand the problems that APTs pose.
These users should be trained never to open questionable attachments or web links, and to contact the IT department for help dealing with anything that seems suspicious. Regular training sessions can help end users spot the latest threats.
Advanced Persistent Threat (APT) Playbook
Cyber attackers who use advanced persistent threats often follow a multistep plan of attack:
- Gather intelligence to identify worthwhile data to pursue and the specific individuals to target. This step is aided by the volumes of public information that potential victims post on social media sites and in blog posts.
- Look for possible entry into the targeted organization. The most popular and effective attack vectors are targeted email messages that look authentic enough to trick insiders into opening an infected attachment or clicking a link to a malicious website.
- Stay hidden. The first goal of any APT intrusion is to install malware on a victim's network that then communicates with the attacker's command-and-control servers. This foothold lets the attackers map the larger infrastructure, infect other machines and network segments, and ultimately extract valuable data. Unlike in-your-face malware designed to deface or crash a website with a showy flourish, an APT implant runs quietly in the background for months or years, checking in with its command-and-control server on a schedule.
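The "stay hidden" step is where defenders have the most data to work with: an implant that checks in with its command-and-control server for months leaves a timing pattern in proxy logs that human browsing does not. Below is an added example, not code from the original article or from any product, of a beacon check a detection engineer would run over those logs. The log lines are constructed for the example, and the field layout (ISO timestamp, source IP, destination host, bytes sent) is an assumption rather than any vendor's format; c2.invalid uses the reserved .invalid top-level domain, so it is not a real host.

```python
"""Beacon detection over web proxy logs.

Added example, not code from the original article. It implements the
check for the behaviour described in the playbook above: an implant
contacting the same external host at near-constant intervals. The log
lines are constructed and the field layout is an assumption.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# Constructed sample: 10.0.0.5 checks in with c2.invalid every ~5 minutes
# with a few seconds of jitter and near-constant request sizes;
# 10.0.0.7 browses www.example.org at irregular times with varied sizes.
SAMPLE_LOG = """\
2013-04-01T08:00:02 10.0.0.5 c2.invalid 412
2013-04-01T08:05:01 10.0.0.5 c2.invalid 410
2013-04-01T08:10:04 10.0.0.5 c2.invalid 415
2013-04-01T08:15:00 10.0.0.5 c2.invalid 411
2013-04-01T08:20:03 10.0.0.5 c2.invalid 409
2013-04-01T08:25:02 10.0.0.5 c2.invalid 413
2013-04-01T08:30:01 10.0.0.5 c2.invalid 412
2013-04-01T08:35:03 10.0.0.5 c2.invalid 410
2013-04-01T08:00:10 10.0.0.7 www.example.org 18233
2013-04-01T08:01:15 10.0.0.7 www.example.org 2201
2013-04-01T08:09:40 10.0.0.7 www.example.org 9901
2013-04-01T08:10:02 10.0.0.7 www.example.org 1530
2013-04-01T08:31:55 10.0.0.7 www.example.org 77012
2013-04-01T08:32:01 10.0.0.7 www.example.org 3300
2013-04-01T08:48:20 10.0.0.7 www.example.org 640
2013-04-01T08:49:00 10.0.0.7 www.example.org 120
"""

Conn = Tuple[datetime, int]


def parse_log(text: str) -> Dict[Tuple[str, str], List[Conn]]:
    """Group connections by (source IP, destination host)."""
    conns: Dict[Tuple[str, str], List[Conn]] = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        conns[(src, dst)].append((datetime.fromisoformat(ts), int(nbytes)))
    return conns


def beacon_stats(events: List[Conn]) -> Optional[Dict[str, float]]:
    """Regularity of one (src, dst) pair: coefficient of variation of the
    gaps between connections and of the bytes sent. Low values mean a
    machine-driven schedule rather than a person clicking around."""
    events = sorted(events)
    if len(events) < 3:
        return None                                  # need at least two gaps
    times = [t for t, _ in events]
    sizes = [n for _, n in events]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mean_gap, mean_size = mean(gaps), mean(sizes)
    return {
        "count": len(events),
        "mean_gap": mean_gap,
        "gap_cv": pstdev(gaps) / mean_gap if mean_gap else float("inf"),
        "size_cv": pstdev(sizes) / mean_size if mean_size else float("inf"),
    }


def find_beacons(text: str, min_conns: int = 6, max_gap_cv: float = 0.2):
    """Return (src, dst, stats) for pairs whose timing looks like C2 check-ins."""
    flagged = []
    for (src, dst), events in parse_log(text).items():
        stats = beacon_stats(events)
        if stats and stats["count"] >= min_conns and stats["gap_cv"] <= max_gap_cv:
            flagged.append((src, dst, stats))
    return flagged


if __name__ == "__main__":
    for src, dst, stats in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: {stats['count']} conns, "
              f"mean gap {stats['mean_gap']:.0f}s, gap CV {stats['gap_cv']:.3f}")
```

Two caveats a practitioner would add. Real implants randomize their sleep interval, often by 10 to 30 percent, so the gap threshold has to be tuned against the environment, and the window should span days rather than the 35 minutes shown here, since persistence over time is the signal the article describes. This check also fires on legitimate automated traffic (update checks, monitoring agents), so it works best combined with how rare the destination is across the fleet and when it was first seen.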
Top 5 Industries Attacked in 2012
- Finance, Insurance, Real Estate
- Services (Non-Traditional)
SOURCE: Symantec Internet Security Threat Report 2013