After a year of high-profile data breaches and widespread vulnerabilities in enterprise networks, cyber threats are an easy prediction as a hot topic for 2015. One of the biggest cyber threats on the horizon is the advanced persistent threat (APT); these attacks are designed to target specific victims and carry out cyber crime silently. As a result, APT attacks often go undetected.
According to the Department of Homeland Security, APTs targeting businesses are creating a global demand for solutions that mitigate the damage caused by these threats. This view is backed by an independent study conducted by the nonprofit organization ISACA, which revealed that a large number of respondents consider APTs to be threats capable of affecting not only the enterprise, but also economic and national security.
The objective of the cyber criminal conducting the attack can be theft of sensitive information or fraud. Attackers use a range of techniques to get into an enterprise network, stay in it as long as possible, and retain control while remaining undetected. Such attacks may not be intended to damage the network at all; they are conducted to gain access, acquire data, and monitor targeted PCs.
Different APT techniques
APT attackers pursue their objectives over an extended period of time. During this period, they use multiple attack techniques, including the following:
Keylogging: This involves planting malware that records keystrokes, which can then be used to gain access to internal and external data and applications. Attackers use keylogging to bypass an organization's security perimeter and then access files and other information remotely.
Phishing: Because an APT is designed to persist, it can begin with malicious emails sent to targeted victims within a corporation to gain inside access to the network. Phishing, as a result, can serve the ultimate purpose of an APT, i.e., data exfiltration.
Zero-day exploits: Savvy cyber criminals can enter a network through a backdoor program and use rewritten code or automated evasion techniques to bypass security mechanisms. Zero-day exploits can also be used to create an undetectable gateway for the attackers.
Cyber-espionage: This is when APTs are conducted on a larger scale. An example is the Chinese cyber-espionage campaign in which advanced persistent threats stole data from 141 organizations in different industries, dating back to 2006. The data included company processes, contact lists, blueprints, and intellectual property. Sony Pictures has also been the victim of a well-organized APT attack.
What’s new in the APT world?
2015 won't be characterized only by an increase in the frequency of APT attacks; there will also be a change in the techniques used.
An interesting development is the rise of small hacking groups, which will multiply both the number of attacks and the locations from which they are conducted. This fragmentation will make it more challenging for victims to defend themselves.
The growth of cloud computing has also given attackers another route into companies and a way to maintain a foothold within networks more effectively. It will also be interesting to see the niche targets attackers choose this year; for example, the targeting of company executives staying in high-profile hotels.
As technology evolves, CIOs have a variety of tools at their disposal to detect adverse activity, but APT cyber criminals always try to stay a step ahead by adopting new technologies.
What can be done?
Modern APT attacks are well-organized and methodical, which makes them difficult to detect and mitigate. Nonetheless, solutions that allow for early detection and real-time reporting can help system administrators gain insight into what is happening in the network before the attackers disappear from it.
Massive's Strixus Global can help you keep your finger on the pulse with APT threat alerts, each reviewed with human input, that indicate threat levels and incident details and are sent directly to designated personnel and made accessible through a secure portal.
With an algorithm designed for enterprise networks as well as the dark web, Strixus dives deep into these locations to reveal APT hotspots. Clients benefit from a robust intelligence system focused on the assets they consider vulnerable.