An advanced persistent threat (APT) is an attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intent of an advanced persistent threat is usually to steal data rather than to damage the network. Sectors holding high-value information, such as the defense, manufacturing, financial and telecom verticals, and increasingly social networking, are the most common targets of APT attacks. The Stuxnet worm is a good example of an APT.
Advanced: sophisticated – the hacker has the ability to evade detection and to gain and maintain access to well-protected networks and sensitive information
Persistent: continues to run until objectives are met – making it difficult to cut off access to your computer network once the threat actor has successfully gained a foothold in it
Threat: organized and well-planned crime – the hacker has not only the intent but also the capability to gain access to sensitive information stored electronically. The term originated in the military sector and has been in play for decades.
APT captured media attention in the context of enterprise software, beyond being a mere security buzzword, after Google and Intel admitted to having been targeted by advanced persistent threats aimed at compromising sensitive corporate data, and after Google’s threat to pull out of China in January 2010. EMC’s announcement that RSA’s SecurID information had been swiped via a sophisticated hack attack in March 2011 further cemented the concern and the need to protect against these sophisticated and organized cyber-attacks that access and steal information from compromised systems. Beyond Google and RSA, we have also seen Sony and Lockheed Martin hit by security breaches involving advanced persistent threats (APTs).
Following the SecurID hack, Computerworld opined that organizations should be proactively prepared for advanced persistent threats or risk being the next RSA. Threat modeling of past attacks, hardening computers’ security settings, implementing strong password policies, implementing application control whitelisting, implementing enterprise-wide log management systems with comprehensive alerts and auditing, and most importantly implementing least-privilege authentication and access control systems and policies are critical in battling APT.
Although APT attacks are hard to identify, and combating an APT is a protracted effort requiring sustained work to rid your networks of the threat, data theft can never be completely invisible. Combating an APT requires the victim organization to detect compromised systems, collect evidence, analyze data and remediate threats more rapidly, efficiently and effectively. Detecting anomalies in outbound data may be the best way for an administrator to recognize an APT attack.
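The paragraph above points at outbound-data anomalies as the most practical detection signal. The following script is an added example, not code from the original post or from BeyondTrust, showing one minimal form of that check: build a per-host baseline of outbound byte volumes and known destinations from past egress flow records, then flag current flows whose volume sits far above the host's baseline or that go to a destination the host has never contacted. The log format, host names, addresses and byte counts are constructed for illustration.

```python
"""Flag anomalous outbound transfers in egress flow records.

Added example (not from the original post). Flow format, hosts and volumes
below are constructed; a real deployment would read NetFlow/IPFIX or proxy
logs and aggregate per host per time window rather than per flow.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed historical egress records: timestamp, source host, destination IP, bytes out.
BASELINE_FLOWS = """\
2024-03-01T01:00:00 ws-042 203.0.113.10 1200
2024-03-01T02:00:00 ws-042 203.0.113.10 900
2024-03-01T03:00:00 ws-042 203.0.113.11 1500
2024-03-01T04:00:00 ws-042 203.0.113.10 1100
2024-03-01T01:00:00 ws-077 203.0.113.10 300
2024-03-01T02:00:00 ws-077 203.0.113.10 450
2024-03-01T03:00:00 ws-077 203.0.113.10 380
2024-03-01T04:00:00 ws-077 203.0.113.10 420
"""

# Constructed records for the window under review: ws-077 pushes ~52 MB to a new address.
CURRENT_FLOWS = """\
2024-03-08T02:00:00 ws-042 203.0.113.10 1300
2024-03-08T02:00:00 ws-077 198.51.100.9 52000000
"""


def parse_flows(text):
    """Parse whitespace-separated records into (host, dst, bytes) tuples.

    Malformed or blank lines are skipped rather than aborting the run, so a
    single bad log line cannot suppress detection for the whole window.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        _ts, host, dst, nbytes = parts
        records.append((host, dst, int(nbytes)))
    return records


def build_baseline(records):
    """Per host: mean and population stddev of bytes per flow, and destinations seen."""
    volumes = defaultdict(list)
    destinations = defaultdict(set)
    for host, dst, nbytes in records:
        volumes[host].append(nbytes)
        destinations[host].add(dst)
    return {h: (mean(v), pstdev(v), destinations[h]) for h, v in volumes.items()}


def find_anomalies(baseline, records, sigma=3.0):
    """Return (host, dst, bytes, reason) for flows that deviate from the baseline.

    A flow is flagged on volume when it exceeds mean + sigma * stddev for its
    host (stddev floored at 1 byte so a perfectly flat baseline still alerts),
    and on destination when the host has never sent to that address before.
    Hosts with no baseline at all are surfaced too: an unknown sender is worth
    a look in its own right.
    """
    findings = []
    for host, dst, nbytes in records:
        if host not in baseline:
            findings.append((host, dst, nbytes, "no baseline for host"))
            continue
        avg, sd, known_dsts = baseline[host]
        reasons = []
        if nbytes > avg + sigma * max(sd, 1.0):
            reasons.append("volume")
        if dst not in known_dsts:
            reasons.append("new destination")
        if reasons:
            findings.append((host, dst, nbytes, ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    base = build_baseline(parse_flows(BASELINE_FLOWS))
    for host, dst, nbytes, reason in find_anomalies(base, parse_flows(CURRENT_FLOWS)):
        print(f"ALERT host={host} dst={dst} bytes={nbytes} reason={reason}")
```

On the constructed data only ws-077 is reported, for both volume and a never-before-seen destination; ws-042's 1300-byte flow to a known address stays within its baseline. The sigma threshold and the per-flow granularity are assumptions chosen for the example; in practice the baseline should be keyed per host and time-of-day and the alert fed into the log management and alerting pipeline the paragraph above calls for, so that the evidence is already collected when the incident is opened.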
Because of the persistent nature of APT attacks, traditional security controls do not deter these relentless hackers. A persistent attacker aims at another entry point to the organization – the insider. BeyondTrust has been securing the perimeter within for over 25 years and has gained the leadership position in management and access control for privileged credentials. BeyondTrust has focused on the accidental and sometimes intentional threats posed by the insider, and on Preventing Good People from doing Bad Things.
At BeyondTrust, we believe the first step towards cushioning the damage that advanced persistent threats could cause is to not give users access to any resource they don’t require or use. Managing your privileged users’ access and applying appropriate delegation policies will significantly reduce the risk that APT poses to your organization.