
Advanced Persistent Threats: How to recognize them and protect your business



The landscape of cybersecurity is more volatile and dangerous than ever before.

Almost every day, we hear news stories about data breaches, in which thousands of people have their personal data compromised by cybercriminals.

Needless to say, cyberspace can be a dangerous place for those who aren’t prepared for it. Risks vary in severity from minor inconveniences caused by malware infections, to more serious threats, where personal or financial information could be stolen.

Another extremely serious risk to cybersecurity is known as an Advanced Persistent Threat, or APT.

What is cybersecurity?

If you’re still wondering “What is cybersecurity?”, this article might be a bit too advanced; however, it will still help you understand how dangerous cyberspace can be.

Below, we’re going to explain what APTs are, as well as how you can recognize them.

What is an Advanced Persistent Threat (APT)?

In simple terms, an advanced persistent threat is a stealthy form of cyberattack, where either a person or group of people gains unauthorised access to a computer network and remains undetected for a lengthy period of time.

Traditionally, the definition of an APT was associated with nation-state sponsored attacks. In recent years, however, we’ve been seeing an increasing number of non-nation-state groups conducting large-scale cyber attacks for their own specific purposes.

Examples of Advanced Persistent Threats

Advanced Persistent Threats go back as far as the 1980s. One notable example is found in a book known as The Cuckoo’s Egg, which details the hunt for an individual hacker who managed to hack into the Lawrence Berkeley National Laboratory.

The tactics used, as well as the lengthy timeframe of this hacking, marked it as one of the earliest examples of an APT.

Let’s take a look at a few other more recent examples.

The Titan Rain Attacks – 2003

Chinese hackers began conducting a series of far-reaching cyber attacks against the US government. The attacks were targeted at stealing extremely sensitive government information and were eventually nicknamed Titan Rain by American investigators.

The attacks focused on military information and included multiple APT attacks on the high-end computer systems of entities such as the FBI and NASA. The sophisticated tactics used in these attacks led many investigators to believe that only a military organization would be capable of them.

The Titan Rain attacks caused quite a bit of friction between the Chinese and US governments since many analysts believed the attacks to have been conducted by the Chinese military, the People’s Liberation Army.

The Sykipot Attacks – 2006

These were another series of cyber attacks in which the hackers leveraged vulnerabilities in Acrobat and Adobe Reader to target US and UK entities, such as defence contractors, government departments and several large telecommunication companies.

Using a technique known as spear-phishing, the attackers sent out a large number of emails containing a link or attachment, which itself contained zero-day exploits.

GhostNet – 2009

This is the nickname given to another, more recent large-scale cyber-attack, which was first detected in 2009.

The attacks were carried out in China and were successful in gaining access to computers and devices in more than 100 countries around the world. GhostNet was primarily focused on compromising devices that are associated with government ministries and national embassies.

To analysts, the operation was thought to be an attempt by China to position itself as the leader of an emerging “information war”, which never actually took place.

GhostNet was characterized by the attacker’s ghostly ability to remotely control compromised computers and devices, turning them into espionage devices by switching on their video and audio recording capabilities.

The importance of recognizing APTs

APTs use extremely sophisticated tactics and are often coordinated by large groups of individuals who control an extensive number of host computers.

As you can see, Advanced Persistent Threats can have a whole host of serious and far-reaching consequences. And, not only can they affect massive institutions and government entities, they can also affect the devices of everyday people like you and me.

Below, we’ll explain a few symptoms that can help you recognize if you’re being affected by an APT.

Increased log-ons at night

APTs usually escalate by compromising a single computer and then quickly taking over multiple computers or the entire network in a matter of hours.

Often, you’ll see an increased number of log-ons occurring late at night because most of the time, the attackers will be located somewhere on the other side of the world.

So, if you start to notice a sudden high volume of log-ons when legitimate workers are at home, it could be a sign of an emerging APT.
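The check described above can be automated against authentication logs. The following is an added example, not part of the original article: it counts log-ons outside working hours per day and flags a day that jumps well above the earlier baseline. The log format, the 07:00 to 19:00 working window, the thresholds and the sample records are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, time
from statistics import median

WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumed business hours (local time)

def is_off_hours(ts):
    """True on weekends or outside the assumed working window."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)

def off_hours_by_day(lines):
    """Map date -> [off-hours log-on count, set of hosts logged on to off-hours]."""
    days = defaultdict(lambda: [0, set()])
    for line in lines:
        stamp, _user, host = line.split()
        ts = datetime.fromisoformat(stamp)
        days[ts.date()]  # register the day even if it has no off-hours log-ons
        if is_off_hours(ts):
            days[ts.date()][0] += 1
            days[ts.date()][1].add(host)
    return dict(days)

def flag_spikes(lines, factor=3, min_count=5):
    """Flag days whose off-hours log-ons exceed factor x the median of earlier days."""
    per_day = off_hours_by_day(lines)
    alerts, history = [], []
    for day in sorted(per_day):
        count, hosts = per_day[day]
        baseline = median(history) if history else 0
        if count >= min_count and count > factor * baseline:
            alerts.append((day.isoformat(), count, len(hosts)))
        history.append(count)
    return alerts

# Constructed sample: four ordinary weekdays, then one night of log-ons on many hosts.
SAMPLE = [f"2024-03-0{d}T09:1{d}:00 alice ws-01" for d in (4, 5, 6, 7)]
SAMPLE += [f"2024-03-0{d}T21:30:00 bob ws-02" for d in (4, 6)]  # occasional late work
SAMPLE += [f"2024-03-08T02:{m:02d}:00 svc-backup ws-{m:02d}" for m in range(10, 18)]

if __name__ == "__main__":
    for day, count, hosts in flag_spikes(SAMPLE):
        print(f"{day}: {count} off-hours log-ons across {hosts} hosts")
```

The number of distinct hosts is reported alongside the count because a single account logging on to many machines in one night matches the rapid spread described above more closely than repeated log-ons to one workstation.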

Unexpected information flows

Large, unexpected data flows from internal access points to other internal or external computers could be another sign that you’re being affected by an APT. These flows of data can be from server to server, network to network, or server to client.

APTs often gather stolen data at internal access points before moving it outside the network.

So, always be on the lookout for large chunks of data where there shouldn’t be any at all, especially if it is compressed in a format that your company does not normally use.
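One way to look for staged data of this kind is to sweep a directory tree for archives, identifying them by their leading bytes rather than by file extension. The following is an added example, not part of the original article; the approved-format list, the size limit and the sample files are assumptions chosen for the illustration.

```python
import os

# Leading magic bytes of common archive formats.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
    b"BZh": "bzip2",
    b"\xfd7zXZ\x00": "xz",
}
APPROVED = {"zip", "gzip"}  # assumption: formats this organisation normally uses
SIZE_LIMIT = 1024           # bytes; kept tiny so the constructed sample triggers it

def archive_type(path):
    """Identify an archive by content, so a renamed extension does not hide it."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None

def sweep(root, approved=APPROVED, size_limit=SIZE_LIMIT):
    """Return (relative path, format, reason) for archives worth a second look."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            kind = archive_type(path)
            if kind is None:
                continue
            reasons = []
            if kind not in approved:
                reasons.append("unapproved format")
            if os.path.getsize(path) > size_limit:
                reasons.append("large")
            if reasons:
                findings.append((os.path.relpath(path, root), kind, "+".join(reasons)))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: one routine zip, one disguised RAR, one big 7z."""
    samples = {"reports.zip": b"PK\x03\x04" + b"\0" * 100,
               "notes.txt": b"Rar!\x1a\x07\x00" + b"\0" * 100,
               "tmp.dat": b"7z\xbc\xaf\x27\x1c" + b"\0" * 4096}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
```

In practice the size limit would be set from what is normal for the share or server being swept, and findings would be compared against the previous sweep so that only new archives are reviewed.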

Targeted spear-phishing

Large, targeted spear-phishing campaigns are one of the best indicators that a network is being affected by an APT.

In most cases, you’ll see a massive spear-phishing campaign targeted at a company’s employees, where emails with corrupted links are sent out in large numbers.

Spear-phishing campaigns are the most commonly used entry methods in most APT attacks.
