Advanced Persistent Threats (APT) are computer attacks usually driven by government agencies or terrorist organizations conducting espionage or trying to take valuable data for non financial purposes. Rarely are APTs led by political or commercial organizations. However, in some cases, marginal threats do arise from obsessed individuals and legitimate commercial organizations since the value of data goes well beyond just the financial value. Incidents like Project Aurora and Wikileaks highlights that data also has both political and military value.

Detailed Description

The key characteristics of APT hacking are:

  • It's very personal. The attacking party carefully selects targets based on political, commercial, and security interests. Social engineering is often employed by an APT.
  • It's persistent. If the target shows resistance, the attacker will not leave, but rather change strategy and deploy a new type of attack against the same target. The attacker may also decide to shift from an external threat to an internal threat.
  • Control focused. APTs are focused on gaining control of crucial infrastructure, such as power grids and communication systems. APTs also target data comprised of intellectual property and sensitive national security information. Personal data, however, is of no interest. Surprisingly, APT hackers are not as concerned with costs or revenue. Thus large budgets may be thrown against individual targets with no “financial” justification. How can you quantify state security?
  • It's automated but on a small scale. Automation is used to enhance the power of an attack against a single target, not to launch broader, multi-target attacks.
  • It's one layer. One party owns and controls all hacking roles and responsibilities. In fact, the most serious government organizations operate their own botnets (or at least take control of parts of botnets).

Examples:

  1. Stuxnet-Worm targeting Iranian nuclear reactor machinery.
  2. Google hacked by Chinese government to uncover communications and identity of Chinese dissidents.

Prevention

If you have identified an APT, then you need to collect and review audit information with regards to accessing sensitive assets. Always, you should protect both your site and customers by using a rapid procedure of scanning for security vulnerabilities. Considering, however, the more “James Bond” nature of APTs, you may also need a powerful, fully customizable solution that integrates with vulnerability assessment technologies. For product information, click here.