Advanced Persistent Threat (APT): How Safe Are You?
According to a study by Gartner, in 2013 enterprises will spend more than $13 billion on firewalls, intrusion prevention systems (IPSs), endpoint protection platforms and secure Web gateways. In simple English, this means that enterprises are getting seriously worried about how secure they are, and they very well should be. Cyber-attacks and intrusions are at an all-time high, and that is only the tip of the iceberg. Ladies and gentlemen, we are at the doorstep of an internet era where no information is safe, and we will have to fight tooth and nail to keep ours safe and secure. In this post I will be looking into one of the immense threats that the industry is now facing, the Advanced Persistent Threat (APT).
What is APT?
For those of you who have not actually come across the term, I will explain. An Advanced Persistent Threat (APT) is an attacker who infiltrates a network and stays inside it, hidden, for a long period of time. This means they might not be interested in causing immediate havoc to the systems or network; oh no, these attackers are much more malicious and their intentions are far more deviant. By the time they are done, they will have caused far more damage than any ordinary hacker. They are after the data you hold: they find it, collect it and steal it. Imagine the damage they will do if they get their hands on the sensitive information you have, for example a new product you are developing, the software you are testing, or the billing details of your customers.
A few examples: RSA, the Sony PlayStation outage of 2011, the attack on the Iranian nuclear facility back in 2010, etc. Following the attack, Art Coviello, executive chairman of RSA, in an open letter to customers, said, “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” Sony confirmed that personally identifiable information from each of the 77 million hacked accounts appeared to have been stolen. Experts say the attack has seriously set back Iran’s nuclear programme. Can you see now how devastating APTs can be?
How do they do it?
These attackers use advanced stealth technologies, tools and strategies to breach your network, and once successful they use similar techniques to stay hidden. This kind of attack needs immense patience, meticulous planning and precise execution. So it is needless to say that these intruders are not your ordinary cyber thieves; they are professionals who will have prepared contingency and mitigation plans for every probable risk they might encounter. I am talking about highly skilled, organized and well-funded people who are dead set on their mission. To gain access they try techniques such as spear-phishing, compromising your partners’ networks or your externally hosted systems, or social engineering. Once they get in, they stay low. The first thing they do is study and map your network, so as to understand the strengths and weaknesses of your defenses. Once they have a clear picture, they devise a plan for carrying out the rest of their operation. Does it sound like a James Bond movie or a Tom Clancy novel? Well, it should; it has its roots in the espionage community.
What should we do?
The strategy should be to prevent the intrusion from happening rather than to battle the intruders once they are there. No, I am not saying you should not fight them if you detect them inside your network; you should, but by then it may already be too late. Have you not heard that prevention is always better than cure?
Defense in depth is one strategy that can help you with this. In this concept there are multiple layers of defense set up throughout your IT infrastructure. A single layer of defense will not stand a chance against the kind of intruders we are talking about here; with multiple layers you will at least have a fair fight. Defense in depth starts with the staff and then moves on to tools such as anti-virus, firewalls, intrusion detection systems (IDS), packet filters, auditing, sandboxing, timed access control and more. By using all these methods alongside the existing password protection, you will be able to build a very sophisticated security posture that is difficult to breach. The approach was pioneered by the National Security Agency (NSA), so it should be effective, right? Needless to say, it is not foolproof. No method is, or ever will be.
So spend some money and time creating an up-to-date network protected in depth. The people who work for you are the most important part of your company, but they are also the most vulnerable part when it comes to IT security. So make sure that they receive proper security training and that they are well aware of the existing threats and of what to do and what not to do on the network. Do regular security monitoring and audits, and stay alert. Keep track of any anomalies in the system, for example a sudden increase in outbound traffic from a host, and make sure they are not part of an APT operation. To a large extent these measures will help in keeping unwanted visitors out and sensitive information in.
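The monitoring advice above (watch for anomalies such as increased traffic) can be turned into a simple check. The following is an added example, not code from the original post or from any product it mentions: it reads constructed per-host daily outbound-traffic summaries, builds a baseline for each host from its first few days, and flags any day whose volume is far outside that baseline, which is the kind of slow data exfiltration an APT relies on. The log format, host names, byte counts and thresholds are all assumptions made for illustration.

```python
"""Flag hosts whose daily outbound traffic deviates sharply from their own baseline.

Assumed (constructed) input format, one summary line per host per day:
    <date> <host> <bytes_out> <unique_destinations>
Nothing here is taken from a real product; thresholds are illustrative.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: ws-finance-07 sends ~18 MB/day, then 96 MB on the
# last day; ws-dev-12 is a noisier host that stays within its normal range.
SAMPLE_FLOW_SUMMARIES = """\
2013-03-01 ws-finance-07 18200000 41
2013-03-02 ws-finance-07 17100000 39
2013-03-03 ws-finance-07 19600000 44
2013-03-04 ws-finance-07 18900000 40
2013-03-05 ws-finance-07 16800000 38
2013-03-06 ws-finance-07 96400000 42
2013-03-01 ws-dev-12 52000000 120
2013-03-02 ws-dev-12 49500000 118
2013-03-03 ws-dev-12 55100000 125
2013-03-04 ws-dev-12 50200000 119
2013-03-05 ws-dev-12 53300000 122
2013-03-06 ws-dev-12 51800000 121
"""


def parse_flow_summaries(text):
    """Parse summary lines into (date, host, bytes_out, unique_dests) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        date, host, bytes_out, dests = line.split()
        records.append((date, host, int(bytes_out), int(dests)))
    return records


def build_baselines(records, training_days):
    """Per-host mean and population stdev of bytes_out over the first N days.

    Caveat: if an intruder was already active during the training window,
    the baseline absorbs that activity; review the training period as well.
    """
    per_host = defaultdict(list)
    for _date, host, bytes_out, _dests in sorted(records):
        if len(per_host[host]) < training_days:
            per_host[host].append(bytes_out)
    return {host: (mean(v), pstdev(v)) for host, v in per_host.items()}


def find_volume_anomalies(records, training_days=5, sigma=3.0, min_ratio=2.0):
    """Return (date, host, bytes_out, ratio_to_mean) for days outside baseline.

    A day is flagged only when bytes_out exceeds mean + sigma*stdev AND is at
    least min_ratio times the mean, so a host with a very tight baseline is not
    flagged for a trivial bump. Both thresholds are assumptions, tune per site.
    """
    baselines = build_baselines(records, training_days)
    anomalies = []
    for date, host, bytes_out, _dests in sorted(records):
        avg, sd = baselines[host]
        if bytes_out > avg + sigma * sd and bytes_out >= min_ratio * avg:
            anomalies.append((date, host, bytes_out, round(bytes_out / avg, 1)))
    return anomalies


if __name__ == "__main__":
    for date, host, bytes_out, ratio in find_volume_anomalies(
        parse_flow_summaries(SAMPLE_FLOW_SUMMARIES)
    ):
        print(f"{date} {host}: {bytes_out} bytes out ({ratio}x baseline) -> investigate")
```

Run on the constructed sample, the check reports only ws-finance-07 on 2013-03-06, at roughly five times its baseline, while the noisier development host is left alone. In practice such a hit is a prompt to investigate the host (what process sent the data, to which destinations, at what hours), not proof of compromise, and the baseline should be rebuilt from a period you trust.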