
According to a new ISACA study, one in five IT security professionals reported that their organization had recently been the victim of an advanced persistent threat (APT).
The ISACA report also identified a number of factors that could make an APT more likely to succeed, and two-thirds of respondents said they "think it is only a matter of time before their enterprise is targeted," Business Technology reported. Overall, 92 percent of participants said that social media use could raise the chances of an APT attack, and 88 percent said that bring-your-own-device (BYOD) practices involving a jailbroken mobile device could make an APT more likely to succeed.
At the same time, the study found that 96 percent of respondents are familiar with APTs, a considerable increase over last year's figure.
What is an APT?
According to Business Technology, the study defined APTs as attacks that "possess sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objective by using multiple attack vectors." APTs are also characterized by their duration: attackers carrying out this type of intrusion typically remain inside the victim's network far longer than a traditional malware infection would, TechTarget noted. The attackers' objective is to compromise and exfiltrate sensitive data; they avoid disrupting the network, since visible damage would risk early detection.
"In a simple attack, the intruder tries to get in and out as quickly as possible in order to avoid detection by the network's intrusion detection system," TechTarget contributor Margaret Rouse wrote. "In an APT attack, however, the goal is not to get in and out but to achieve ongoing access. To maintain access without discovery, the intruder must continuously rewrite code and employ sophisticated evasion techniques."
Rouse noted that, because of this structure, the complexity of some APTs can force a victim organization to dedicate a full-time administrator to detecting and removing the infection.
How APTs work
An APT can infiltrate an organization through a number of attack strategies, including online and physical malware infections as well as external exploitation of the victim's network, Damballa noted. Delivery vectors include malicious email attachments, infected files, pirated software, spear phishing and drive-by downloads, as well as physical media and hardware: an infected USB drive or memory card, a malicious CD, or an appliance or piece of IT equipment shipped with a backdoor. The malware used is central to an APT and may be either off-the-shelf or custom-built.
"Modern 'off-the-shelf' and commercial malware includes all of the features and functionality necessary to infect digital systems, hide from host-based detection systems, navigate networks, capture and extricate key data, provide video surveillance, along with silent and covert channels for remote control," Damballa stated. "If needed, APT operators can and will use custom developed malware tools to achieve specific objectives and harvest information from non-standard systems."
The ISACA study noted that it is this combination of traditional threats with strategies that are more capable and better resourced than run-of-the-mill attacks that makes APTs such a formidable data protection risk.
Protecting against an APT
While the purpose of an APT is to remain in a compromised system undetected for as long as possible, the SANS Institute's Rob Lee told CSO Online that these attacks can be stopped.
CSO Online reported that in recent years, 90 percent of APT infections went undetected by the victim and were instead discovered by a third party; in some cases the intruders remained in the system for months or even years. In addition, Trend Micro noted that 55 percent of companies are unaware that an APT attack has even taken place, and even fewer know the extent of the damage or which group is behind it.
This makes the services of third-party security providers critical in protecting against an APT. The best APT protection strategies include the ability to detect and analyze the infection, as well as the capacity to adapt existing safeguards in response to the attack at hand. The only system providing this level of protection is Trend Micro's Custom Defense, making it the cornerstone of APT security.