The threat landscape has seen the rise of hacktivism and the quest for greater profits from crime. This has given rise to advanced persistent threats (APTs), one of the most covert targeted attacks employed by cybercriminals. APTs do the following:
In other words, APTs are covert persistent and continuous hacking. For a targeted company, this can translate to losses of millions of dollars, trade secrets and competitiveness.
Many organizations have fallen victims to these attacks including global technology firms, financial services, military and defense entities. The threat actors typically include
state sponsored groups and cyber mercenaries. Different means are used to infiltrate the targeted networks such as social engineering and malware that exploits zero-day vulnerabilities. However, based on recent APT trend reports, these groups are also utilizing supply chain attacks, masquerading as legitimate software and exploiting back doors into critical software. Despite the predominantly targeted nature of APT, the range of victims underline that no industry or organization is immune.
In the last two decades, there have been many prominent APTs (for example those identified in Table 1) which have undermined the security controls of many well-established organizations. The method and nature of the APTs underline the incendiary nature of these attacks.
Table 1: Examples of APTs
|APT||Method of Attack||Targets/Victims||Impact|
|Titan Rain||· Exploited social
attacks on selected
· Known to be ongoing for at least 3 years
|Undisclosed but likely to be losses of sensitive data, company secrets|
|Stuxnet||· First malware to
· Contained four
· Programmed to
erase itself on a
safeguards to limit
the spread of the
damage to critical infrastructure, i.e.
the centrifuges at the Natanz nuclear
laboratory in Iran.
|Operation Aurora||· Targeted andmodified sourcecode repositories
· The series of attacks lasted several months
Adobe Systems, Juniper Networks
Financial services, defense
and energy services
The nature of APT requires comprehensive, dynamic and proactive solutions that permeate all levels of the organizational and IT infrastructure including the people. It is necessary to adopt up-to-date strategies, technologies, practices and policies that involve:
Wilson Consulting Group (WCG) has the expertise and the resources to assist your organization in:
The WCG’s team consists of experienced professionals who has assisted many other organizations in preparing their environment and recovering from a breach. Some of these services offered include:
Let us assist you in safeguarding your data and information assets.
APT Trend Report Q3 2017, https://securelist.com/apt-trends-report-q3-2017/83162/