Friday, October 14, 2011

Advanced Persistent Threats: From FUD To Fact

By Patrick Murray, Senior Director, Product Management, Websense

Many executives ask, “What should we do about APTs?” Executives at large organizations with serious intellectual property (like source code) have a high level of concern because they know others will try to take it. Conversely, there’s a large group that thinks, “I’m a $10-million manufacturing company in Ohio. I don’t think Chinese or North Korean hackers are going to be knocking on my door anytime soon.”

And, they are right. For many companies, APTs by definition aren’t a primary concern. The base starting point we all need to know is very simply that APTs are a type of targeted attack. This is where we start to get into the ‘why you should care’ part; because while APTs may not be a concern for many companies, targeted attacks are on everyone’s radar.

Here’s a simple fact. APT techniques used in state-sponsored attacks seeking IP are also used by organized criminal gangs looking to score your cash. No, not everything is a classic APT, but the same technology used by China to hack Google is used by cybercriminals to steal your customer data.

It’s a bit like a bullet-proof vest. Foreign governments and state-sponsored agents spend huge resources coming up with ammunition that will pierce that vest. Once the ammo becomes familiar, others outside the government begin using this ammo for their own purposes.

The same thing happens with attack methodologies. Let’s look at a classic APT and how quickly the techniques employed by it got into the hands of others.

The Aurora attacks of 2009 were among the first widely publicized APTs. Companies including Google, Adobe and Rackspace were targeted by a state-sponsored APT in November and December of that year. On January 12, 2010, Google publicly announced the attack. Only two days later, the zero-day exploit was revealed publicly and then nine days passed until Microsoft patched the primary vulnerability. At that time, the exploit was only detected by 26 percent of AV vendors, but within a single month more than 200 other websites were found to have been attacked and the exploit was delivering other malware to them.

Those sites weren’t all put up by the country that attacked Google. That exploit was put up by organized criminals who knew they had a new round of ammunition to go after their primary targets – companies with customer information or credit card numbers they could quickly turn into cash.

To summarize, APTs aren’t relevant to everyone. But targeted attacks are.

Websense Security Labs has been on the forefront of examining APTs in the wild and have charted the emergence of these exploits. You can learn more about them from my colleague Patrick Runald, one of our senior security research managers, in a recorded webcast.