Attack of the Unknown – Advanced Persistent Threats (APTs)

They’re out there waiting, sitting at their computers hoping for you to make a mistake. And you will, because no one is immune to their advances. It might be an email from a well-known retailer, or a solicitation from a local charity, or a message from a school you attended updating you on friends and alumni. Their tricks are endless and eventually you will succumb: by clicking on an email, opening an attachment, downloading a file. When you do, they’ve got you. And the worst part is that you’ll probably never know. That’s the malicious nature of an Advanced Persistent Threats.

Hackers tirelessly scan for vulnerable systems. Anyone is fair game.

Email is the Exploit

Research conducted by IDC has uncovered significant operational and security risks for mobile and online services. Advanced Persistent Threats (APT’s) – or what is also known as spear-phishing – are one of the primary threats. Such threats originate from three discrete types of perpetrators. These include: (1) Organized Crime (2) State-Affiliated Agents (3) Political & Social Activists.

Unfortunately, the report noted that companies do a less than optimal job of protecting their employees and email systems from these perpetrators. One reason is that while IT personnel are focused on the advanced nature of online attacks, many hackers do not rely on sophisticated solutions. APTs instead use widely understood and available techniques such as Brute Force hacking and SQL Injection to obtain access to networks and confidential data. A key APT strategy is to exploit the vulnerability of most email systems where select company employees – in many cases senior executives — are tricked into opening seemingly innocuous emails and downloading malware.

Spammers also leverage phishing, but cast a wide net. They obtain emails from a variety of sources and send out their spam with little or no thought about the number of recipients. A common technique is to make the message appear to originate from a major retailer. The spammers send the email to every address they have, knowing that some percentage of the people who receive it will be customers of the retailer and susceptible to their message.

Another equally troubling fact is that advanced persistent threats are not limited to PC-based email. The proliferation of smartphones, tablets and other mobile devices have made mobile an important strategy for hackers searching for new ways to exploit companies

What are Advanced Persistent Threats and how do they differ from Standard Hacking?

Phishing targets a company’s employees in an effort to take over their accounts. APTs zero-in on specific individuals – who if compromised can be used to advance the hacker deep into the company’s computer network. This requires more patience and, as the name implies, more persistence than an undifferentiated email blast.

When sending out an APT, hackers go to great lengths to make the subject line and message appear plausible. They analyze address book information, social media, and use any other data they can obtain about either an individual or a bank. For example: if an employee receives a message inviting them to join a charity their institution actually supports, he or she could be easily fooled into clicking on a link. Equally important, an APT is not a one shot attempt. If the charity ruse doesn’t work, the hacker might next identify a school the bank employee attended and use that in a subsequent email. The hacker persistently targets the same person as well as other people who work for the company until one of them makes a mistake and clicks on the link.

Also Read: Reduce Business Security Risks via Effective Mobile Security Management

A “watering hole” is a technique used to infect the target without direct email contact. How it works: the hacker identifies a website they know the employee visits and injects it with malicious code that the victim will then download. This is similar to a “drive by attack” with a third-party website employed as the point of infection. In this way, many small and medium size companies are unwitting participants in the APT because their websites provide a weak link to reach the intended target.

APTs do not look for a home run at the outset. The first objective is to gain access into low priority areas: the weakest links. By being patient, the hackers can gradually work their way into higher-value segments of the network where important data resides.

Once a hacker gains access to the desired data, they benefit from the fact that intrusion detection systems focuses primarily on the traffic coming into the network – not the traffic going out. By encrypting, compressing and transferring the stolen data without detection there is no reason for the hacker to close shop. Stealth is the key. Most hackers want you to know you’ve been infected and compromised. APTs don’t. By having the breach remain unknown, they can return to exploit the same individual – and institution — again and again.

ExterNetworks is a single source provider of managed services for all end-to-end technology solutions. With our Managed Security Solutions, we help create simple and necessary defense strategies that will go a long way in preparing your organization to tackle APTs and reduce risks. We also recommend practical measures that you can take to prevent, detect and respond to such attacks.

No strings attached: You can talk to our Security Advisor to understand how you can successfully manage the risks of APTs to your business.