Advanced Persistent Threat (APT) is as much a part of the cyber security landscape as viruses, cross-site scripting, and identity theft, yet the term is so vague that you might wonder whether it applies to you. It does.
In this blog post we'll explain APT and offer some suggestions for combating it. As a starting point, we'll say that APT is a "low and slow" cyber attack against the servers that hold valuable intellectual property.
Where is this valuable intellectual property? It could be just about anywhere, but in most cases it's on back-end systems. Operation Aurora, an APT campaign that ran through 2009 and was publicly disclosed in January 2010, got a lot of attention because Google was attacked. But that's just the tip of the iceberg: the targets included dozens of US companies. Similar attacks have targeted government and military computers and business enterprises throughout the world.
APT is characterized by unauthorized software resident on the target system that stays undetected for a long time while periodically sending information to servers operated by criminal enterprises or foreign governments. Some recipients use that information to get a competing product to market before yours, and at lower cost, because your stolen intellectual property lets them skip the research and development stage. Others are more interested in energy grid plans or other information critical to national defense. That is why some security experts suggest reserving the term APT for state-sponsored cyber espionage that supports military or economic warfare.
Each of the three words in the term says something about APT.
It's advanced because of the logistics supporting the attackers. They are trained, systematic professionals, not lone hackers, and their job is to compromise government and commercial entities.
It's persistent because the modus operandi is repeated theft, not a one-time grab-and-run. A hacker who infiltrates a company and steals funds or credit card numbers to sell on the black market doesn't much care whether the exploit is detected after the fact; the profit is made and the next victim awaits. APT operators, in contrast, work hard to avoid detection: once they've stolen the formula for one new drug, the source code for one new application, or the plans for one innovative engine, they want to stay hidden so they can steal the next, and the next.
It's a threat because the perpetrators have means and motive, and if they succeed the victim can face significant financial loss.
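The two traits above, resident software that periodically phones home and an operator who wants to stay hidden for months, are exactly what gives the defender a handle: a scheduled implant produces outbound connections with far more regular timing than any human user. The following Python script is an added illustration, not part of the original post and not a ClearPath or Unisys tool. It runs over a small, constructed proxy log (the hosts, addresses and timestamps are invented) and flags source/destination pairs whose connection intervals are both numerous and tightly clustered, which is the classic signature of a beacon, even one that adds a little jitter to each sleep.

```python
"""Beacon detection over proxy logs (added example, not from the original post)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not real data). Fields: UTC timestamp,
# source workstation, destination host, bytes sent outbound.
# ws-112 talks to 203.0.113.25 roughly every 30 minutes with a few seconds
# of jitter and a near-constant payload size; its other traffic is irregular.
SAMPLE_LOG = """\
2013-04-01T08:00:02Z ws-112 203.0.113.25 512
2013-04-01T08:03:11Z ws-112 www.example.com 2310
2013-04-01T08:10:00Z ws-045 cdn.example.net 120000
2013-04-01T08:10:04Z ws-045 cdn.example.net 98000
2013-04-01T08:30:10Z ws-112 203.0.113.25 520
2013-04-01T08:41:27Z ws-112 www.example.com 15800
2013-04-01T09:00:05Z ws-112 203.0.113.25 508
2013-04-01T09:12:40Z ws-112 www.example.com 880
2013-04-01T09:29:58Z ws-112 203.0.113.25 515
2013-04-01T09:50:31Z ws-045 cdn.example.net 140000
2013-04-01T10:00:12Z ws-112 203.0.113.25 512
2013-04-01T10:30:03Z ws-112 203.0.113.25 519
2013-04-01T10:55:03Z ws-112 www.example.com 4420
2013-04-01T11:00:08Z ws-112 203.0.113.25 511
2013-04-01T11:29:55Z ws-112 203.0.113.25 514
"""


def parse_log(text):
    """Parse whitespace-separated log lines into (timestamp, src, dst, bytes_out) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(size)))
    return records


def find_beacons(records, min_connections=6, max_interval_cv=0.10):
    """Return (src, dst) pairs whose connection timing looks machine-driven.

    For each pair, compute the gaps between consecutive connections and the
    coefficient of variation (stdev / mean) of those gaps. Human browsing
    produces wildly irregular gaps; a scheduled implant produces gaps that
    cluster tightly around its sleep interval, even with added jitter.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, size in records:
        by_pair[(src, dst)].append((ts, size))

    hits = []
    for (src, dst), events in by_pair.items():
        if len(events) < min_connections:  # too few samples to judge regularity
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        mean_gap = mean(gaps)
        if mean_gap == 0:  # all connections in the same second; not a beacon pattern
            continue
        cv = pstdev(gaps) / mean_gap
        if cv <= max_interval_cv:
            hits.append({
                "src": src,
                "dst": dst,
                "count": len(events),
                "mean_interval_s": mean_gap,
                "interval_cv": cv,
                "mean_bytes": mean([s for _, s in events]),
            })
    hits.sort(key=lambda h: h["interval_cv"])  # most regular first
    return hits


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} connections, "
              f"every {hit['mean_interval_s']:.0f}s (cv={hit['interval_cv']:.3f}), "
              f"{hit['mean_bytes']:.0f} bytes avg")
```

On the sample log only the ws-112 to 203.0.113.25 pair is reported: eight connections a mean of 1799 seconds apart with a coefficient of variation near 0.005, while the user's ordinary web traffic is both sparser and far less regular. Two caveats for real deployments: a well-built implant can randomize its sleep widely enough to push the interval variation above any fixed threshold, so this check should be one signal among several (destination reputation, consistent small payload sizes, connections outside business hours) rather than a verdict on its own, and the thresholds should be tuned against a baseline of your own network's legitimate scheduled traffic, such as update checks, which also beacon.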
What can you do about it? Here are a few suggestions for fighting APT:
Your ClearPath servers hold the crown jewels of your enterprise, and that’s what makes them attractive targets. Keep them safe from Advanced Persistent Threat.