On the trail of Advanced Persistent Threats…

These days, APTs (Advanced Persistent Threats) are driving a lot of security chatter – and consuming a fair amount of energy.

But is that sort of zoomed-in attitude to security actually good for us?

In our RSA Conference Special podcast, for example, live from San Francisco, Sophos Naked Security writers John Shier and Chester Wisniewski touched on this as one of the key concerns at the event.

John Shier. (2'37") [The hot technology at the conference is] "data analytics." If you look at even some of the [well-known] vendors, there's always this "data-and-APT" feel to everything people are talking about. "How do I protect my data from the APTs" is really the common theme across many of the vendors here.

John’s point was that the focus on APTs in particular was pushing (or pulling) people away from viewing computer security in a holistic way.

Indeed, the term APT has come to be applied to a rather narrow subset of malware, specifically those threats concerned primarily with intelligence gathering or espionage.

And this narrow focus, combined with the fact that “how to protect against espionage and intelligence gathering” sounds much more important and exciting than “how to keep the bad stuff out and the good stuff in”, is what led John to make the observation we quoted above.

What should you do?

Should you think broadly, and aim for the inescapably practical and effective goal of keeping the bad stuff out and the good stuff in?

Or should you go deep and concentrate exclusively on the scarier-sounding challenge of how to protect against espionage and intelligence gathering?

How do you decide?

Well, popular SophosLabs writer Gabor Szappanos (Szappi) can help.

He’s been doggedly tracking a fairly specific set of espionage-style APTs over the past year.

His aim was to see what would happen to the attack techniques.

His results are summarised in an excellent report entitled Advanced Persistent Threats – the new normal?

Szappi followed the trail of various exploits (vectors for breaking into networks) that as recently as a year ago were seen almost exclusively in targeted attacks.

These attacks were probably initiated for intelligence gathering purposes, presumably by hackers paid to conduct national or industrial espionage.

A year later, Szappi is seeing those same exploits turning up regularly in broader attacks mounted by cybercriminals focused on making money through bots and zombies.

The irony, of course, is that one way cybercrooks make money is simply by selling on the data they steal to the highest bidder.

The result is that the hackers from the espionage and intelligence-gathering side of the fence can get hold of your secrets anyway, even if they don’t succeed in breaking and entering themselves.

Szappi handily ends his article with three tips that can help you boost your resilience to all types of malware attack, APTs included.

A highly recommended read!