On the trail of Advanced Persistent Threats...

Filed Under: Featured, Malware

These days, APTs (Advanced Persistent Threats) are driving a lot of security chatter - and consuming a fair amount of energy.

But is that sort of zoomed-in attitude to security actually good for us?

In our RSA Conference Special podcast, for example, live from San Francisco, Sophos Naked Security writers John Shier and Chester Wisniewski touched on this as one of the key concerns at the event.

John Shier. (2'37") [The hot technology at the conference is] "data analytics." If you look at even some of the [well-known] vendors, there's always this "data-and-APT" feel to everything people are talking about. "How do I protect my data from the APTs" is really the common theme across many of the vendors here.

John's point was that the focus on APTs in particular was pushing (or pulling) people away from viewing computer security in a holistic way.

Indeed, the term APT has come to be applied to a rather narrow subset of malware, specifically those threats concerned primarily with intelligence gathering or espionage.

And this narrow focus, combined with the fact that "how to protect against espionage and intelligence gathering" sounds much more important and exciting than "how to keep the bad stuff out and the good stuff in", is what led John to make the observation we quoted above.

What should you do?

Should you think broadly, and aim for the inescapably practical and effective goal of keeping the bad stuff out and the good stuff in?

Or should you go deep and concentrate exclusively on the scarier-sounding challenge of how to protect against espionage and intelligence gathering?

How do you decide?

Well, popular SophosLabs writer Gabor Szappanos (Szappi) can help.

He's been doggedly tracking a fairly specific set of espionage-style APTs over the past year.

His aim was to see what would happen to the attack techniques.

His results are summarised in an excellent report entitled Advanced Persistent Threats - the new normal?

Szappi followed the trail of various exploits (vectors for breaking into networks) that as recently as a year ago were seen almost exclusively in targeted attacks.

These attacks were probably initiated for intelligence gathering purposes, presumably by hackers paid to conduct national or industrial espionage.

A year later, Szappi is seeing those same exploits turning up regularly in broader attacks mounted by cybercriminals focused on making money through bots and zombies.

The irony, of course, is that one way cybercrooks make money is simply by selling on the data they steal to the highest bidder.

The result is that the hackers from the espionage and intelligence-gathering side of the fence can get hold of your secrets anyway, even if they don't succeed in breaking and entering themselves.

Szappi handily ends his article with three tips that can help you boost your resilience to all types of malware attack, APTs included.

A highly recommended read!


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog