Cyber attacks have existed since the adoption of the Internet, evolving over the past few decades — from viruses and worms to malware and botnets; cyber threats continue to advance just as quickly as the Internet itself. In recent years, a new threat, the “Advanced Persistent Threat” (APT), has emerged. In the most recent CISO/Security Vendor Relationship Podcast, the Cloud Security Tip explains what organizational leaders need to be aware of when it comes to these types of attacks.
An “Advanced Persistent Threat” is a covert computer network attack where a cybercriminal gains unauthorized access to a network and remains undetected for an extended period. Advanced persistent threats are especially dangerous because they provide hackers with ongoing access to sensitive organizational data.
APT attacks typically have political or business motives — and can have long-lasting consequences for organizations. An APT attack can cause temporary or permanent loss of sensitive information, disruption of organizational operations, substantial financial loss, and irreparable damage to an organization's reputation.
An APT attack is not something that will happen to every single organization — but every organization needs to be aware of the ramifications, and understand a few key takeaways to improve organizational security. There are several recent examples of large-scale APT attacks that can help provide context and understanding.
There are five notable attacks from over the last few years that help illustrate the significance and severity of APT:
These are some of the most large-scale examples to date — so how can these attacks impact organizations on a smaller scale?
Although APT attacks are usually launched against governments and large-scale organizations, these types of attacks are still a concern for other companies — especially with regard to the cloud. As the Cloud Security Tip explained, the cloud offers limitless volume and is used by millions of organizations, all in close proximity to each other — making it an appealing target for cybercriminals because of the large quantities of available data. It becomes an ideal platform for hackers to launch an attack and distribute command-and-control files. Additionally, managed service providers who oversee and maintain cloud infrastructure for their clients can become a natural point of exploitation.
This US-CERT alert includes recommendations and instructions on how to secure managed service providers (MSPs) and how to detect APT intrusions utilizing VPN. Some of the recommendations are as follows:
It is also wise to keep in mind that not all VPNs are created equal — and not all VPNs have good intentions. It was recently discovered that a VPN based in China was actually supported by a network of malware-infected nodes around the globe. The infected nodes were often associated with legitimate organizations in the US and elsewhere — this allowed cybercriminals to piggyback on the compromised organization’s good reputation and target other organizations from there. This should serve as a reminder for all leaders to make sure the technology solutions they implement are actually helping the business, not hurting it.
While your organization might not be at high risk of an APT attack, there are still valuable takeaways to help anybody, anywhere. First, make sure you are in control of your network. Have access control features in place so that you decide who has access to what. Second, make sure you have ways to monitor access attempts — and make sure you are following up on unauthorized access attempts. Third, make sure your security solutions are reputable and up to the task. And finally, don’t let APT risks distract you from your basic cyber hygiene. Don’t dedicate all of your time to preventing these rare attacks while completely forgetting about the more common threats brought on by internal issues such as weak employee passwords. Make sure your network is secured, not just from the major threats, but from the smaller (but equally malicious) threats, too.