Detecting and Mitigating Advanced Persistent Threats (APTs): a major challenge for IT firms, industrial establishments, and military organizations.

An advanced persistent threat (APT) refers to complex, sophisticated and stealthy techniques that use software, hardware or social engineering tools to continuously monitor and extract data from targets such as organizations and/or nations for business or political motives. They typically start with seemingly benign activities that do not trigger any warning, as was the case with Stuxnet and Aurora. Because a great deal of effort and resources usually go into carrying out APT attacks, attackers typically pursue high-value targets, such as nation-states and large corporations, with the ultimate goal of stealing information over a long period of time.


The threat posed by APTs has turned out to be a major concern not just for IT firms, but also for industrial establishments, governments, and military organizations. APTs have the capability to stop business operations and cause physical damage to plants and equipment. This is a serious threat to the Industrial Control Systems common in critical infrastructures such as pipelines, refineries, electrical grids or nuclear plants.


The recent well-known attacks in this domain include Stuxnet, which was aimed at destroying Iran's nuclear plans, and Aurora, which was aimed at stealing Google's intellectual property documents. In the past, attackers reportedly (but not officially) identified as being from China were able to extract information on US military and intelligence personnel applying for security clearances from Office of Personnel Management databases, and the threat was not detected before the records of as many as 18 million people had been breached.


“At the very least, APTs can be used by adversaries to gather tremendous amounts of information,” said retired Col. Cedric Leighton, a former deputy director of training for the National Security Agency (NSA). “Much of that information can be operationally sensitive, and once it’s properly analyzed and correlated it can be used to mount a network attack on a critical network or it can just sit there undetected and provide the military’s playbook directly to an adversary,” he explained. “APTs can do the work of a thousand spies and they can do it far more efficiently than human agents can.”


This type of breach is difficult to detect and expose, particularly in large, complex networks made up of many entry points. There are hundreds of millions of malware variations, which makes it extremely challenging to protect organizations from APTs. “Most breaches are not discovered for months,” said David Hamilton, Guardtime Federal’s president. “We believe we can cut that time by enhancing the integrity of data storage, logging and other aspects of network operations.” David Archer, Galois’ research lead for cryptography and multiparty computation, is also skeptical about the DoD’s current ability to detect and root out APTs. “Today, I would say the detection of APTs is largely sort of accidental,” he said.
