Why You Should Be Concerned about APT
There is a special kind of enemy in cyberspace: highly trained, cunning, well-funded and tenacious attackers organized into coordinated teams. If they target your company, you are in real danger. They will do everything to penetrate your network, hack your web applications and deceive your employees to get what they are after. They use sophisticated, hand-crafted or 0-day malware that can bypass your antivirus. They use diversionary tactics and attack from several angles at once. Worst of all, they can keep attacking for as long as they want, because such black-hat units are usually sponsored by a state actor or a large cybercriminal syndicate with practically unlimited resources to spend.
But what are they after?
They want persistent access to your data, not a one-time leak. They want to settle into your network and your endpoints to intercept every bit of your data. More than that, they will try to stay undetected and will make sophisticated, hard-to-detect efforts to do so.
These kinds of attacks are named Advanced Persistent Threat attacks, or in short, APT.
How APT Attacks Unfold
If your company has the bad luck to become the target of an APT attack, you should be ready for the following scenarios.
The attackers will make every effort to find a gap in your network defenses and gain access to a vulnerable endpoint. Then they will escalate privileges and move from machine to machine, extracting data and intercepting traffic.
They will try to break into your web applications and databases. They will send carefully crafted spear-phishing emails to the company's top management. They will set up an infected website and lure your employees into visiting it so that malware is implanted on their computers. In brief, they will try every known kind of attack.
But they can do even more.
They can launch a DDoS attack against your assets so that the IT security department concentrates on it and attention is diverted from another attack conducted at the same time. As a result, when the DDoS attack has been fended off and the security department breathes out and celebrates, covertly implanted malware starts stealing data in the background.
In APTs, the attackers sometimes even go beyond the digital world. For example, they may puncture the tires on the CISO's or sysadmin's car to keep them from getting to work when the attack is launched. The list of their cunning tricks is never-ending.
Of course, an APT attack costs a lot, so the attackers usually aim to steal secrets from top-level companies or government institutions. That fact sounds reassuring to the owners of not-so-big companies. The bad news is that attackers often break into such companies to use them as a springboard to bigger targets. In particular, if a small company is a subcontractor of a top-level company, there is a high probability that it will become a mark for an APT group.
How to Protect Against APT Attacks
As you can see, ordinary methods cannot stop such attacks. It is fairly obvious that sophisticated attacks call for correspondingly sophisticated methods of defense. But can there really be effective protection against persistent attacks using 0-day malware?
Fortunately, the answer is yes. Of course, it is far from simple or routine.
The only way to do it is to build layered protection based on the defense-in-depth and defense-in-breadth principles. That means building a security system made up of diverse protective tiers that complement and support each other. The system consists of a combination of cybersecurity tools such as firewalls, IPS, SIEMs, WAFs and so on. It also includes processes such as constant network monitoring, whitelisting of web applications, staff training, access control, recovery and encryption. But the main thing is a well-elaborated strategy that defines how to use all these tools, processes and the company's other resources in the most effective way to fight back against an APT attack.
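One of the monitoring tiers above can be illustrated with a small correlation rule of the kind a SIEM would run: flag an account whose successful logons touch many distinct hosts within a few minutes, which is what the "move from machine to machine" behaviour described earlier looks like in authentication logs. This is an added example, not code from the original post or any product it mentions; the log format, host names, user names and addresses are constructed for the demonstration, and the window and threshold are assumptions that a real deployment would tune to its own baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log lines (hypothetical hosts, users and
# addresses). "alice" hops across four hosts in under two minutes; "bob" shows
# ordinary activity spread over the morning.
SAMPLE_LOGS = """\
2024-03-01T09:00:01 host=ws-17 user=alice event=logon_success src=10.0.5.17
2024-03-01T09:00:40 host=ws-18 user=alice event=logon_success src=10.0.5.17
2024-03-01T09:01:05 host=fs-02 user=alice event=logon_success src=10.0.5.17
2024-03-01T09:01:50 host=db-01 user=alice event=logon_success src=10.0.5.17
2024-03-01T09:02:10 host=ws-03 user=bob event=logon_success src=10.0.5.3
2024-03-01T11:30:00 host=ws-03 user=bob event=logon_success src=10.0.5.3
2024-03-01T11:45:00 host=fs-02 user=bob event=logon_success src=10.0.5.3
"""

# Assumed tuning values: how long a window to correlate over and how many
# distinct hosts inside it should raise an alert.
WINDOW = timedelta(minutes=5)
HOST_THRESHOLD = 3


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts_str)
    return rec


def parse_logs(text):
    """Parse every non-empty line of the log text."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def detect_lateral_movement(records, window=WINDOW, threshold=HOST_THRESHOLD):
    """Return one alert per user whose successful logons reached at least
    `threshold` distinct hosts inside any sliding window of length `window`.

    Each alert is a dict: user, src, first_ts (window start) and sorted hosts.
    """
    by_user = defaultdict(list)
    for rec in records:
        if rec.get("event") == "logon_success":
            by_user[rec["user"]].append(rec)

    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda r: r["ts"])
        # Slide a window starting at each event and count distinct hosts in it.
        for i, start in enumerate(events):
            hosts = set()
            for rec in events[i:]:
                if rec["ts"] - start["ts"] > window:
                    break
                hosts.add(rec["host"])
            if len(hosts) >= threshold:
                alerts.append({
                    "user": user,
                    "src": start["src"],
                    "first_ts": start["ts"],
                    "hosts": sorted(hosts),
                })
                break  # one alert per user is enough; the analyst gets the full host list
    return alerts


if __name__ == "__main__":
    for alert in detect_lateral_movement(parse_logs(SAMPLE_LOGS)):
        print(f"ALERT: {alert['user']} from {alert['src']} reached "
              f"{len(alert['hosts'])} hosts starting {alert['first_ts']}: "
              f"{', '.join(alert['hosts'])}")
```

On the constructed input the rule raises a single alert for "alice" and stays quiet for "bob", whose two logons are fifteen minutes apart. A rule like this is only one tier: it depends on endpoints actually forwarding logon events, it should be checked against the organisation's normal admin activity to keep false positives down, and it is most useful when its alerts are correlated with the other layers (IPS, WAF, access-control logs) rather than acted on alone.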