Background:
In today's information security landscape there has been a dramatic change in the methods and the motivation of cybercriminals: from worms, viruses, spyware and bots to advanced persistent threats (APTs), zero-day targeted attacks, dynamic trojans, stealth bots and zombie devices created by the proliferation of IoT (Internet of Things). Organisations and individuals now face threats that are coordinated, organised, targeted and motivated. These new threats are no longer merely intended to disrupt, annoy, destroy or commit generic cybercrime; they target a specific organisation or individual to steal information for financial gain (financial information), intellectual property, or cyber espionage (national security).
What is an APT? (definition by Symantec)
An APT is a type of targeted attack. Targeted attacks use a wide variety of techniques, including drive-by downloads, Microsoft SQL® injection, malware, spyware, phishing, and spam, to name just a few. APTs can and often do use many of these same techniques. An APT is always a targeted attack, but a targeted attack is not necessarily an APT.
How an Advanced Persistent Threat (APT) Works:
Cybercriminals take advantage of zero-day exploits, polymorphic malware and blended threats to launch sophisticated and determined attacks against a specific target. Some anti-virus companies classify these attacks as ordinary malware, when in fact they are intelligent malware that targets an organisation or individual for a specific purpose or gain.
Vectors of attack against an organisation or individual:
Method                  Target                                          Assets
Spear phishing     ---> CFO                                        ---> Financial information
Web-based attack   ---> Engineering/R&D                            ---> Intellectual property
File-based attack  ---> Govt. employee/military/law enforcement    ---> National security
Other assets: customer information, employee information, partner information, supplier information, credit card numbers, Social Security numbers, email accounts, and more.
Tips to avoid APTs
* Raising awareness through training and continuous education.
* Drafting and implementing policies to improve and safeguard the ICT resources of the organisation.
* Setting up an incident response team/unit in the organisation to handle security threats or incidents when they occur.
* Improving the information security defences in the following areas: perimeter, endpoint, monitoring, applications and physical security.
References:
https://www.symantec.com/content/en/us/enterprise/white_papers/b-advanced_persistent_threats_WP_21215957.en-us.pdf