BreachExchange mailing list archives
Advanced Persistent Threats: Not Your Ordinary Hackers
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 11 Sep 2013 19:49:26 -0600
http://www.tmcnet.com/topics/articles/2013/09/11/352625-advanced-persistent-threats-not-ordinary-hackers.htm

What do people want, when they attempt to hack your servers?

Are they after email addresses, usernames, and passwords, like the famous Gnosis hack performed on Gawker Media in 2010? Possibly, but unlikely - after all, many users and websites alike have multiple levels of password protection, and even the Gnosis hackers reported they were unable to use the passwords they stole, and only performed the stunt to “humble” the media giant.

Are hackers hoping to scoop up bank account information and steal money from users, like the Global Payments hack of 2012? Another unlikely scenario; although the hackers successfully transferred money out of personal bank accounts, the banks’ fraud protection programs kicked into gear, recognized the charges, and reversed them within a day.

No, the new generation of hackers are after something else. They don’t want to steal from your servers; they want to control your servers. They want to infiltrate your company’s computer systems without you knowing, and stay there, undetected, until they have what they want.

APTs Want to Control Your Company

These new types of computer hacks are called Advanced Persistent Threats, or APTs. They’re different from the low-level LulzSec groups who enjoy minor hacks like altering PBS’s Twitter feed. These hackers are stealthy, pass themselves off as legitimate parts of your business, and slowly work their way into your intranet and files, one security leak at a time.

InfoWorld Security Adviser Roger Grimes states: “If you discover a break-in where the only apparent intent was to steal money from your company, then it probably wasn't an APT hack. Those who deal in APTs are trying to be your company.”

One of the most common ways that APT hackers “become” your company is through the use of sophisticated phishing emails. Unlike the first-generation phishing emails, which often included a single link or attachment in a blur of unreadable text, these new phishers spoof your company email domain and craft reasonable messages, such as “New 2013 Health Plan.” Unsuspecting employees click on the attachments, and the hackers now have access to your company computer systems.

Persistent Threats Need Persistent Defense

How do you stop APTs? Sometimes, there’s just enough off about their phishing messages - sending an email about the 2013 Health Plan from an address associated with the marketing department, for example. However, there are always going to be people who click attachments or links to malware websites, regardless of your level of company security and employee training.

In that case, you need specialized network security designed to prevent APT hackers from accessing your company network. These types of security solutions are becoming common for even mid-sized businesses and organizations.

How do you know if you need APT protection or network security services? The first step is to talk to your IT department. They can run analytics to determine any suspicious activity on the network, such as remote account log-ons in the middle of the night or unexpected amounts of data flow during non-peak hours. From there, they can take steps to block hackers from accessing additional areas of your server or network.

Of course, the best way to prevent APTs is to install protection programs before the hackers can reach your network, but keep in mind that for every protection scheme, there’s a hacker group working to back-door it. You need more than a single security fix; you need a dedicated team of professionals ready to keep your company safe no matter how clever the hackers become.

For a persistent threat, you need a persistent advance guard. It may be the best decision you make for your company.
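
The two analytics the article mentions (remote log-ons in the middle of the night, and unexpected data flow during non-peak hours) can be sketched as follows. This is an added example, not part of the original article or post; the record layouts, the 00:00-05:00 night window, the 08:00-18:00 peak window and the median + k * MAD threshold are all assumptions chosen for illustration, and the sample records are constructed.

```python
from datetime import datetime
from statistics import median

# Constructed sample data (not from any real network).
LOGONS = [  # (ISO timestamp, account, logon type, source address)
    ("2013-09-09T09:12:00", "jsmith", "local", "10.0.4.21"),
    ("2013-09-09T14:40:00", "mlee", "remote", "198.51.100.7"),
    ("2013-09-10T02:47:00", "jsmith", "remote", "203.0.113.50"),
    ("2013-09-10T03:05:00", "svc_backup", "local", "10.0.1.5"),
]
FLOWS = [  # (ISO timestamp of the hour, outbound bytes in that hour)
    ("2013-09-09T01:00:00", 40_000_000),
    ("2013-09-09T02:00:00", 35_000_000),
    ("2013-09-09T03:00:00", 42_000_000),
    ("2013-09-09T13:00:00", 900_000_000),
    ("2013-09-10T01:00:00", 38_000_000),
    ("2013-09-10T02:00:00", 41_000_000),
    ("2013-09-10T03:00:00", 2_600_000_000),
]

def hour_of(ts):
    return datetime.fromisoformat(ts).hour

def night_remote_logons(events, night=(0, 5)):
    """Remote logons whose hour falls in [night start, night end)."""
    return [e for e in events
            if e[2] == "remote" and night[0] <= hour_of(e[0]) < night[1]]

def off_peak_outliers(flows, peak=(8, 18), k=5.0):
    """Off-peak hours whose outbound volume exceeds median + k * MAD
    of all off-peak hours (a baseline the outlier itself barely moves)."""
    quiet = [f for f in flows if not peak[0] <= hour_of(f[0]) < peak[1]]
    if len(quiet) < 3:
        return []  # too little history to form a baseline
    volumes = [v for _, v in quiet]
    med = median(volumes)
    mad = median(abs(v - med) for v in volumes) or 1
    return [f for f in quiet if f[1] > med + k * mad]
```

The busy 13:00 hour is ignored because it falls inside the assumed peak window; only the 03:00 transfer stands out against the quiet-hours baseline.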