


"It's difficult to keep APT out," says Forrester's Wang. "My advice is: Don't even try, because you won't succeed."

Cybercriminal techniques

APT TO

Every organization that maintains intellectual property should be aware of advanced persistent threats, reports Angela Moscaritolo.

It would come as no surprise to experts at defense contractor Northrop Grumman that students at a foreign university might be given the assignment to break into government or corporate networks. After all, these days state-sponsored hackers around the world are launching increasing numbers of cyberattacks against the U.S. military, government and corporations to obtain valuable intellectual property, says Timothy McKnight, vice president and chief information security officer at Northrop Grumman.

Most cyberattacks can be fought off with good defense-in-depth security measures, McKnight says. However, a small percentage are tough to stop even with the best security technologies and practices in place.

Holding an elite spot at the top of the long list of today’s hacking techniques is the advanced persistent threat (APT). It’s a name given to attacks that use customized malware to exploit zero-day vulnerabilities. This allows the bad guys to surreptitiously break into computer networks with the goal of stealing trade secrets and gaining continued intelligence about victims.

“This isn’t just hacking for fun,” McKnight says. “This is hacking for financial, military or nation-state gain.”

Plus, the APT is not just a single cyberattack, says Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham (UAB). Rather, it’s a series of attacks against many points in an organization.

“Each attack might gather a little bit of information,” Warner says. “The idea is, if you discover one, I might have 20 more in place. They might not even be active.”

Stages of attack

While each APT attack is unique, many follow a common formula, according to Mandiant’s M-Trends report on APT attacks, released in January. Before launching the attack, cybercriminals carry out a reconnaissance effort to identify key individuals within an organization to target, according to the Washington, D.C.-based security firm, which provides cyberattack response services. Using social networking sites and other publicly available information, attackers gather personal information about their targets and plan the hit.

APT intruders use a range of techniques to gain initial access into a corporate network. The most common method of entry is to launch a spear phishing attack – which entices victims through social engineering strategies sent out via email – to install malware on a user’s system.

The malware used in APT attacks is often a one-off version, never to be seen again after it’s used against its intended target, says Chenxi Wang, principal analyst at Forrester Research. By the time the malware is discovered and security companies have created a signature to protect users from it, the signature is already useless because that version of the malware is generally never used a second time.

“Because of its nature of being a specially crafted message, it’s very difficult to catch,” Wang says.

22 SC • May 2010 • www.scmagazineus.com
In fact, according to Mandiant, just 24 percent of all APT malware is detected by anti-virus software. Further, once the network has been successfully infiltrated, APT attackers steal domain administrative credentials, which are

resources and financial departments. On average, APT attackers access 40 different systems on a victimized organization’s network, the majority of which are broken into using valid credentials, according to the Mandiant

“In one way, the APT is like the boogeyman – it could be anywhere,” says UAB’s Warner. “It defies traditional information security products.”

Victims and perpetrators