Protect against advanced persistent threats

April 11, 2019

You may have heard the phrase advanced persistent threat or APT being thrown around in conversations about IT security. An APT is a type of cyberattack in which cyber criminals access an organization’s network, remain undetected for an extended period of time, and collect sensitive and/or valuable information over time. 

APTs are coordinated attacks, typically on large government or banking systems, conducted by highly sophisticated hackers. They may exploit zero-day vulnerabilities—security flaws that are known to attackers but not yet patched—or conduct highly targeted spear phishing attacks to gain access to a network.

One of the most well-known APTs was a sophisticated Trojan campaign called Eurograbber, which was used to steal an estimated €36 million from more than 30,000 victims over the course of 2012. The attacks used a Trojan (a variant of Zeus) designed to recognize banking transactions and inject instructions into them, diverting money into a “mule” account controlled by the criminals.

In other cases, attackers simply take advantage of obvious security vulnerabilities. If you have been listening to Breach Season 2, about the massive 2017 Equifax breach, you know that sometimes relatively unsophisticated hackers gain access to corporate networks as well. In the Equifax breach, attackers went undetected for nearly a month. Why? Because Equifax had neglected to renew their network monitoring software license.

The Equifax breach doesn’t meet the definition of an APT, per se, but the results were the same: hackers made off with the personally identifiable information (PII) of millions of Americans. It’s also a perfect example of why it is so important for businesses to have a strategy in place to identify and prevent attacks.

Advanced persistent threat protection 

Protecting against APTs and similar threats requires a multi-faceted approach that includes employee education, antivirus and threat detection, network monitoring and management, and data protection.

Education – Employees should be trained to identify phishing and other social engineering tactics that cybercriminals use to conduct attacks. Security training can be developed in-house or outsourced to a third party; some IT security vendors even offer training packages, which may be a good option depending on your organization’s needs.

Antivirus/threat detection – Education goes a long way, but someone will eventually click on a bad link or download a malicious file. That’s why tools that identify and block viruses and other malware are critical.

Network management – Hackers take advantage of vulnerabilities in software and operating systems, so it is essential to keep them patched and up to date; many attacks can be averted simply by applying updates promptly. Additionally, there are monitoring tools available to detect suspicious network traffic and alert you to it.

Backup – Finally, backup is the only way you can be certain of recovering data that is lost or corrupted. That way, even if your data is breached, you can restore clean copies of it.
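To make the network monitoring point above concrete, here is an added example (not code from the original post or from any vendor it mentions) of the kind of check a traffic-monitoring tool performs. It reads constructed connection-log records in an assumed format (timestamp, source, destination, bytes sent) and flags two patterns typical of the long, quiet presence an APT relies on: a host contacting the same external address at near-constant intervals (beaconing), and a host sending an unusually large volume of data to one destination. The IP addresses, thresholds and log format are all assumptions made for the example.

```python
"""Toy network-traffic monitor: flags beacon-like periodic connections and
unusually large outbound transfers in connection logs.

Added example, not from the original article. The record format
(timestamp, src, dst, bytes_out), the addresses and the thresholds are all
constructed assumptions, not a real product's log format.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (not from any real capture).
# 10.0.0.5 contacts one external host every ~5 minutes with tiny payloads.
# 10.0.0.7 pushes ~75 MB to one external host in two connections.
# 10.0.0.8 makes a few irregular, small connections (benign noise).
SAMPLE_LOG = """\
2019-04-11T09:00:00 10.0.0.5 93.184.216.34 512
2019-04-11T09:05:01 10.0.0.5 93.184.216.34 498
2019-04-11T09:10:00 10.0.0.5 93.184.216.34 505
2019-04-11T09:14:59 10.0.0.5 93.184.216.34 510
2019-04-11T09:20:00 10.0.0.5 93.184.216.34 501
2019-04-11T09:25:01 10.0.0.5 93.184.216.34 507
2019-04-11T09:02:13 10.0.0.7 203.0.113.9 30000000
2019-04-11T09:03:40 10.0.0.7 203.0.113.9 45000000
2019-04-11T09:11:02 10.0.0.8 198.51.100.20 1200
2019-04-11T10:47:30 10.0.0.8 198.51.100.20 800
2019-04-11T13:02:05 10.0.0.8 198.51.100.20 2200
"""


def parse_log(text):
    """Parse whitespace-separated records into (datetime, src, dst, bytes)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return records


def find_beacons(records, min_count=5, max_jitter=0.1):
    """Flag src->dst pairs that connect at near-constant intervals.

    A pair is reported when it has at least min_count connections and the
    spread of the gaps between them (std dev / mean) is at most max_jitter.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in records:
        by_pair[(src, dst)].append(ts)
    findings = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"type": "beacon", "src": src, "dst": dst,
                             "count": len(times), "interval_s": round(avg)})
    return findings


def find_bulk_egress(records, threshold_bytes=50_000_000):
    """Flag src->dst pairs whose total outbound volume exceeds a threshold."""
    totals = defaultdict(int)
    for _, src, dst, nbytes in records:
        totals[(src, dst)] += nbytes
    return [{"type": "bulk_egress", "src": src, "dst": dst, "bytes": total}
            for (src, dst), total in totals.items() if total > threshold_bytes]


def analyse(text):
    """Run both detectors over a log text and return all findings."""
    records = parse_log(text)
    return find_beacons(records) + find_bulk_egress(records)


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log, the monitor reports the five-minute beacon from 10.0.0.5 and the 75 MB transfer from 10.0.0.7, while the irregular, low-volume traffic from 10.0.0.8 passes unflagged. Real tools tune the thresholds per environment and correlate such alerts with patch status and endpoint detections; the value of the check is that it surfaces activity that is individually unremarkable but suspicious in aggregate.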