What are APTs?
Organizations are increasingly facing targeted cyber-attacks against their systems, known as advanced persistent threats (APTs). A successful APT campaign can result in the disclosure of sensitive data such as credit card numbers and patient health information.
APTs, according to security vendor Trend Micro, are “purpose-built to breach your network and steal your data, intellectual property, and communications without being detected.”
To understand just how serious the APT threat is, look at recent large-scale data breaches at organizations like Community Health Systems and Target. Community Health Systems, one of the United States’ leading operators of general acute care hospitals, in its breach notice on its website said that an APT group originating from China used highly sophisticated malware technology to attack its systems, resulting in the disclosure of personal details for 4.5 million patients.
The Lifecycle of an APT
The lifecycle of an APT attack consists of five steps, according to data security firm Symantec: reconnaissance, incursion, discovery, capture and exfiltration.
Attackers start their campaign against an organization through techniques like social engineering, exploitation of zero-day vulnerabilities, SQL injection or targeted malware. What makes an APT attack different, Symantec says, is that “while common targeted attacks use short-term, ‘smash and grab’ methods, APT incursions are designed to establish a beachhead from which to launch covert operations over an extended period of time.”
Staying under the radar of an organization’s security systems is a key requirement for APTs, says security firm Damballa. “As such, the criminal operators of APT technologies tend to focus on ‘low and slow’ attacks – stealthily moving from one compromised host to the next, without generating regular or predictable network traffic – to hunt for their specific data or system objectives,” the company says. “Tremendous effort is invested to ensure that malicious actions cannot be observed by legitimate operators of the systems.”
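The “regular or predictable network traffic” Damballa mentions is exactly what a periodicity (beacon) check on connection logs looks for. The following is an added example, not code from the article or from any vendor quoted in it: it scores each (source, destination, port) pair by the coefficient of variation of its inter-connection gaps, flags near-constant intervals as beaconing, and shows why a “low and slow” host with few, irregularly spaced connections does not trip it. The log format (ISO timestamp, source IP, destination IP, destination port) and the sample lines are constructed for illustration.

```python
"""Periodicity ("beacon") detector over constructed connection-log lines.

Added example, not from the original article. The log line format
(timestamp src dst dst_port) and the thresholds are assumptions.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real traffic):
#   10.0.0.5  -> 203.0.113.7:443  every ~60 s with small jitter (beacon-like)
#   10.0.0.9  -> 198.51.100.2:443 four connections, hours apart, irregular
#   10.0.0.12 -> 192.0.2.10:80    only two connections, too few to score
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 203.0.113.7 443
2024-03-01T10:00:10 10.0.0.9 198.51.100.2 443
2024-03-01T10:01:01 10.0.0.5 203.0.113.7 443
2024-03-01T10:02:00 10.0.0.5 203.0.113.7 443
2024-03-01T10:03:02 10.0.0.5 203.0.113.7 443
2024-03-01T10:04:00 10.0.0.5 203.0.113.7 443
2024-03-01T10:05:01 10.0.0.5 203.0.113.7 443
2024-03-01T10:20:00 10.0.0.12 192.0.2.10 80
2024-03-01T10:47:30 10.0.0.9 198.51.100.2 443
2024-03-01T13:05:00 10.0.0.9 198.51.100.2 443
2024-03-01T15:40:00 10.0.0.12 192.0.2.10 80
2024-03-01T17:22:45 10.0.0.9 198.51.100.2 443
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, dst_port)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    return events


def periodicity_score(timestamps):
    """Return (mean_gap_seconds, coefficient_of_variation) for a series.

    The coefficient of variation (population stdev / mean of the gaps) is
    near 0 for a fixed-interval beacon and large for irregular activity.
    Returns None when fewer than three events exist (fewer than two gaps).
    """
    if len(timestamps) < 3:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = sum(gaps) / len(gaps)
    cv = statistics.pstdev(gaps) / mean if mean > 0 else 0.0
    return mean, cv


def find_beacons(text, min_events=5, max_cv=0.1):
    """Return [(key, mean_gap, cv)] for pairs whose traffic looks periodic.

    min_events keeps single lookups and tiny samples from being flagged;
    max_cv bounds how much jitter still counts as "regular".
    """
    flagged = []
    for key, stamps in parse_log(text).items():
        score = periodicity_score(stamps)
        if score is None or len(stamps) < min_events:
            continue
        mean, cv = score
        if cv <= max_cv:
            flagged.append((key, round(mean, 1), round(cv, 3)))
    return flagged


if __name__ == "__main__":
    for key, mean, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon {key}: mean gap {mean}s, cv {cv}")
```

Running it flags only the 10.0.0.5 pair (mean gap about 60 s, coefficient of variation about 0.02). The 10.0.0.9 pair, which models the “low and slow” pattern, has a coefficient of variation well above 0.5 and too few events, so a purely periodicity-based detector never sees it; that gap is why the layered, asset-aware defenses discussed below are needed rather than a single traffic heuristic.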
How Can You React to an APT?
Given the care attackers take when infiltrating systems, how can companies identify these operations and react accordingly? Confronting APTs will require organizations to respond “with a persistent, active and layered defense model that spans the entire attack surface of their organization,” says network security vendor Dell SecureWorks. “Know your attack surface, know your assets, and ensure your layered defenses are appropriately designed and up-to-date to best detect, resist and respond to