Welcome to the WEI Tech Exchange Blog

Enterprise Security and Advanced Persistent Threats (APTs)

Written by Michael Thweatt | Apr 13, 2017 12:45:00 PM

How good are your enterprise’s security defenses? Today’s hackers have access to an arsenal of tools for carrying out targeted attacks, thanks in part to an anonymous and hidden area of the internet called the Dark Web (also called Deep Web or Darknet). Payment for purchases made there is typically in the international digital currency Bitcoin, which offers a fairly high level of privacy.

How Hackers Use the Dark Web

On the Dark Web, hackers buy and sell tools such as malicious software that allows them to secretly control people’s computers, website scrapers that duplicate an entire website so users don’t realize they’ve been redirected there, and skimmers that attach to ATMs and gas pumps to capture credit card information. Hackers can buy or sell proprietary information, passports, driver licenses, fake bank accounts, credit card numbers, and login credentials for social media and financial accounts. Hackers can also hire consultants to do their bidding for them on the Dark Web.

So what does all of this illegal activity mean for enterprise security? Technology is evolving quickly and hackers are evolving along with it. It might be time to get in the mind of the hacker to ensure you’ve taken the right steps to safeguard your network. Here we explain an all-too-common risk: advanced persistent threats (APTs).

Advanced Persistent Threats (APTs)

In the cybersecurity world, an advanced persistent threat is an attack that sends out tiny packets of confidential or proprietary information over extended periods of time, masked as normal network activity. According to McAfee, “Once ‘inside’ and disguised as legitimate traffic, they can establish covert, long-term residency to siphon your valuable data with impunity.” It could be going on without your CSO even knowing about it.

APTs often focus on information that can be sold or used for competitive advantage such as trade secrets, intellectual property, source code and personal information about customers or employees that can be used to open credit. Imagine large organizations of hackers working together, sometimes for years. An APT is a software project that involves target identification, target and environment research, exploit design and development, testing, deployment, and plans for future releases as technology changes. It’s a well-tested and executed operation, and a huge threat to your organization.

In November 2014, at a U.S. House of Representatives Intelligence Committee hearing, National Security Agency Director Admiral Michael Rogers warned manufacturers and utility companies of the growing risk of economic espionage by nation states, which are thought to sponsor many of these sophisticated and prolonged attacks. In fact, APT techniques are being used against an increasingly wide variety of industries and companies.

For example, the organization that launched Operation Shady RAT, an attack initiated in 2006 and discovered by McAfee in 2011, successfully penetrated 71 companies across 31 industries. As enterprises get better at detecting APTs, security industry experts are realizing that APTs are a much more common problem than previously thought.

What Can You Do?

There are a variety of solutions that can work in tandem to protect your organization from such attacks. Enterprises should explore technology solutions including:

  • Anti-phishing technology
  • Monitoring and intrusion detection technology
  • Proper network segmentation and other measures that prevent an attacker from moving across the network once access is achieved
  • Two-factor authentication (such as combining a password with a generated number token or fingerprint) for email—at least for executives—to lower the risk of direct scammer access to internal email accounts
  • New anti-phishing technology that relies on user reporting of phishing emails in order to protect other users
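
To make the monitoring item concrete, here is a sketch of a check for the traffic pattern described earlier: small outbound transfers to one destination, repeated over a long period, that add up to a meaningful total. This is an added example, not WEI's or McAfee's code; the flow records are constructed, and the function names and thresholds are assumptions to tune against your own baseline.

```python
from collections import defaultdict
from datetime import date, timedelta

def sample_flows():
    """Constructed flow records: (day, internal_src, external_dst, bytes_out)."""
    start = date(2017, 3, 1)
    flows = []
    for i in range(28):
        day = start + timedelta(days=i)
        # Two small uploads a day to one external host, every day for four weeks.
        flows += [(day, "10.0.4.17", "203.0.113.50", 20_000)] * 2
        # Ordinary bursty traffic: large transfers on only some days.
        if i % 7 < 2:
            flows.append((day, "10.0.4.22", "198.51.100.9", 2_000_000))
    # A single large one-off upload (for example an off-site backup).
    flows.append((start + timedelta(days=9), "10.0.8.5", "192.0.2.77", 900_000_000))
    return flows

def find_low_and_slow(flows, min_days=20, max_daily_bytes=100_000,
                      min_total_bytes=1_000_000):
    """Flag (src, dst) pairs that send little per day, on many days, adding up to a lot.

    Thresholds are assumptions, not recommended values.
    """
    daily = defaultdict(lambda: defaultdict(int))  # (src, dst) -> day -> bytes
    for day, src, dst, nbytes in flows:
        daily[(src, dst)][day] += nbytes  # several flows on one day are summed
    findings = []
    for (src, dst), per_day in daily.items():
        total = sum(per_day.values())
        peak = max(per_day.values())
        if (len(per_day) >= min_days and peak <= max_daily_bytes
                and total >= min_total_bytes):
            findings.append({"src": src, "dst": dst, "active_days": len(per_day),
                             "peak_daily_bytes": peak, "total_bytes": total})
    return sorted(findings, key=lambda f: f["total_bytes"], reverse=True)

if __name__ == "__main__":
    for finding in find_low_and_slow(sample_flows()):
        print(finding)
```

A per-day volume alert would fire only on the one-off 900 MB upload here; the pair that sends 40 KB every day is visible only when activity is aggregated across the whole window.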

NEXT STEPS: Learn more about APTs in our tech brief: Protect your Network from Advanced Persistent Threats.
 

Curious to find out just how well your enterprise security solutions are working? Sign up for a free security and threat prevention assessment with WEI today.