In this post: Learn about the new style of attack present in many of the recent, famous data breaches: Advanced Persistent Threats.
Earlier this year, we witnessed three different and very serious data breaches. Between the Target breach, the Ashley Madison attack, and the Sony breach, security attacks are evolving. The Ashley Madison attack is a great example of the new wave of hacking. Historically, the “bad actors” were only after what could be bought and sold easily. This new wave of “bad actors” has adjusted its thinking and decided that blackmail is much more profitable than credit card data.
Depending on the type of attack, organizations have to protect their environments accordingly and respond to the attacks. Many organizations are taking steps to protect their information because they are mandated to by federal regulation; some take a proactive approach, while others still do not feel their information is valuable enough to be stolen. There are multiple reasons an organization may be attacked. It could be an Advanced Persistent Threat (APT) like the Sony attack, where the attackers “lie in wait” to collect sensitive data for blackmail, or it could be similar to the Target attack, where they gathered 40 million credit and debit cards over a period of less than a month. Both were APT attacks with different endgames.
What is an Advanced Persistent Threat?
An APT, or Advanced Persistent Threat, is defined as a sustained attack: a type of attack that makes its way into an environment undetected and stays there, feeding information to the attacker. It is advanced because it is not just a virus. The attack is usually more complicated and involves vectors beyond just the infection of machines (for example, loading and activating a bot or Trojan). It is persistent because it continually siphons off information or has provided a back door for the attacker for some period of time.
A New Style of Attacks
The new style of attack no longer targets credit card or personal data. The changes in the Payment Card Industry Data Security Standard (PCI DSS) have prompted companies to take a stronger approach to securing that data. As a result, the attack vector has shifted away from credit cards to data extortion. The Sony attack started as an APT attack to gather data and quickly changed to extortion. The Ashley Madison attack was strictly an extortion attack that falls under the “hacktivist” umbrella due to the attackers' demands to have the sites shut down. The information that was gleaned from Ashley Madison presents one of the most severe issues to date.
The Ashley Madison attack gathered information on users’ real names, addresses, sexual preferences, credit card data, corporate emails, and documents. Of the 33 million accounts that were compromised, 15,000 belonged to government employees. This type of information is something that other countries, like those who would like to harm the United States, could use for nefarious reasons, and that is just the 15,000 email addresses ending in .gov or .mil. That doesn’t even begin to address the other millions of email addresses, which could belong to anyone from regular users to CEOs of “Fortune 500” companies. With the information that was gathered, the possible consequences are staggering.
How Do I Protect Myself?
The change in attack vectors shows that a stronger protection stance can have an effect on attacks. Companies have to take this information and change their approach. Industry has kept up with attacks, but it is a reactive approach at best. The more hurdles attackers have to clear, the more likely they are to move on to another target. This is why it is so important to protect an organization with multiple layers of security. Defense in depth is not just putting firewalls and AV in your environment. It is placing screening routers, network access control tools, network firewalls, mail scanners, antivirus protection, personal machine firewalls, application firewalls, protocol enforcement engines, reverse proxies, content filters, VPNs, etc.
Protection needs to be present at every layer and needs to not only be installed but maintained and audited on a regular basis. Audits and incident response procedures are as important as the implementation of any security measure. A solid incident response procedure should sit alongside the company’s policies and procedures. It is no longer a matter of “IF” you will be attacked. It is now only a question of when and to what level.
Advanced Threat Protection with F5 and FireEye
As you have just read, attacks are evolving and are becoming more dangerous. The time of only reacting to attacks is over. Organizations must take control and be proactive about their business’s security. F5 and FireEye deliver scalable APT protection to identify and stop malicious activity targeting enterprise applications. F5 helps provide effective, comprehensive, and resilient network security solutions for the FireEye network. This joint solution offers the fastest, most effective, and always-on protection against all types of cyber attacks.