BreachExchange mailing list archives

Advanced Persistent Threats: Not Your Ordinary Hackers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 11 Sep 2013 19:49:26 -0600

http://www.tmcnet.com/topics/articles/2013/09/11/352625-advanced-persistent-threats-not-ordinary-hackers.htm

What do people want, when they attempt to hack your servers? Are they
after email addresses, usernames, and passwords, like the famous
Gnosis hack performed on Gawker Media in 2010? Possibly,
but unlikely - after all, many users and websites alike have multiple
levels of password protection, and even the Gnosis hackers reported
they were unable to use the passwords they stole, and only performed
the stunt to “humble” the media giant.

Are hackers hoping to scoop up bank account information and steal
money from users, like the Global Payments hack of 2012? Another
unlikely scenario; although the hackers successfully transferred money
out of personal bank accounts, the banks’ fraud protection programs
kicked into gear, recognized the charges, and reversed them within a
day.

No, the new generation of hackers is after something else. They don’t
want to steal from your servers; they want to control your servers.
They want to infiltrate your company’s computer systems without you
knowing, and stay there, undetected, until they have what they want.

APTs Want to Control Your Company

These new types of computer hacks are called Advanced Persistent
Threats, or APTs. They’re different from the low-level LulzSec groups
who enjoy minor hacks like altering PBS’s Twitter feed.
These hackers are stealthy, pass themselves off as legitimate parts of
your business, and slowly work their way into your intranet and files,
one security leak at a time.

InfoWorld Security Adviser Roger Grimes states: “If you discover a
break-in where the only apparent intent was to steal money from your
company, then it probably wasn't an APT hack. Those who
deal in APTs are trying to be your company.” One of the most common
ways that APT hackers “become” your company is through the use of
sophisticated phishing emails. Unlike the first-generation phishing
emails, which often included a single link or attachment in a blur of
unreadable text, these new phishers spoof your company email domain
and craft reasonable messages, such as “New 2013 Health Plan.”
Unsuspecting employees click on the attachments, and the hackers now
have access to your company computer systems.

Persistent Threats Need Persistent Defense

How do you stop APTs? Sometimes there is just enough off about their
phishing messages to give them away - an email about the 2013 Health
Plan sent from an address associated with the marketing department, for
example.
However, there are always going to be people who click attachments or
links to malware websites, regardless of your level of company
security and employee training. In that case, you need specialized
network security designed to prevent APT hackers from accessing your
company network. These types of security solutions are becoming common
for even mid-sized businesses and organizations.

How do you know if you need APT protection or network security
services? The first step is to talk to your IT department. They can
run analytics to determine any suspicious activity on the network,
such as remote account log-ons in the middle of the night or
unexpected amounts of data flow during non-peak hours. From there,
they can take steps to block hackers from accessing additional areas
of your server or network.
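The two heuristics the paragraph names, remote log-ons in the middle of the night and unexpected data flow during non-peak hours, as an added example that is not part of the article: a small Python checker run over constructed log records. The record format, the 08:00-18:00 business window and the 3x-median threshold are assumptions for the example.

```python
"""Off-hours log-on and off-peak data-volume checks over constructed log records."""
from datetime import datetime
from statistics import median

# Constructed sample records (not real data): "<ISO timestamp> <user> <remote|local> <bytes_out>"
SAMPLE_LOG = """\
2013-09-10T09:15:00 alice remote 120000
2013-09-10T11:40:00 bob local 80000
2013-09-10T14:05:00 carol remote 150000
2013-09-10T23:10:00 backup local 500000
2013-09-11T02:47:00 alice remote 120000
2013-09-11T03:02:00 alice remote 4800000
2013-09-11T10:20:00 dave remote 90000
2013-09-11T13:55:00 bob local 70000
2013-09-11T22:30:00 backup local 510000
"""

# Assumed business window in local time; anything outside it is "off hours".
BUSINESS_START, BUSINESS_END = 8, 18


def parse(log):
    """Turn the text records into (timestamp, user, kind, bytes_out) tuples."""
    events = []
    for line in log.splitlines():
        ts, user, kind, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), user, kind, int(nbytes)))
    return events


def off_hours(ts):
    return not (BUSINESS_START <= ts.hour < BUSINESS_END)


def off_hours_remote_logons(events):
    """Remote log-ons outside the business window, as (timestamp, user) pairs."""
    return [(ts, user) for ts, user, kind, _ in events
            if kind == "remote" and off_hours(ts)]


def unusual_off_peak_volume(events, factor=3.0):
    """Off-peak events whose bytes_out exceed factor x the median off-peak volume.

    The baseline is built from the off-peak records themselves, so a nightly
    job that runs every night (the 'backup' account here) stays below the
    threshold while a one-off spike from a user account is flagged.
    """
    offpeak = [e for e in events if off_hours(e[0])]
    if len(offpeak) < 3:          # too little history for a meaningful median
        return []
    baseline = median(n for *_, n in offpeak)
    return [(ts, user, n) for ts, user, _, n in offpeak if n > factor * baseline]
```

On the sample records the checker reports alice's two early-morning remote log-ons and her 4.8 MB off-peak transfer, while the recurring backup transfers are treated as normal.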

Of course, the best way to prevent APTs is to install protection
programs before the hackers can reach your network, but keep in mind
that for every protection scheme, there’s a hacker group working to
back-door it. You need more than a single security fix; you need a
dedicated team of professionals ready to keep your company safe no
matter how clever the hackers become. For a persistent threat, you
need a persistent advance guard. It may be the best decision you make
for your company.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/