Cyber Threats: Advanced Persistent Threat Attack
The goal of an advanced persistent threat attack (APT attack) is to maintain covert, ongoing access to a network. This allows hackers to continuously gather valid user credentials and gain access to more and more valuable information.
An advanced persistent threat attack aims to gather information rather than shut down a network, which requires continual code rewrites and sophisticated evasion techniques.
Typically, an APT attack starts with spear phishing. Through spear phishing attacks, the APT attacker can gain the access needed to move laterally across a network, install more and more back doors and even install a ghost infrastructure (which lets them distribute malware that gives access to vulnerable situations).
Implementing a successful APT attack requires consistent effort. Many groups even employ a full-time administrator, and functions are often divided internally among a group of hackers. While such attacks are complex in scope because of the varied combination of infiltration techniques employed, the individual techniques are typically well known and easy to defend against. A refined awareness along with preventative software is often all it takes to avoid these detrimental attacks.
Advanced Persistent Threat Attack Case Study: Desert Falcons
The Desert Falcons are a group of likely at least thirty hackers distributed across at least three different countries in the Middle East. The group claims to have hacked over three thousand victims in military and government organizations, employees responsible for health organizations, economic and financial institutions, leading media entities, research and educational organizations, energy and utilities providers, activists and political leaders, and physical security companies.
The Desert Falcons have also developed their own malware and built advanced methods and tools to deliver, hide and operate APT attacks. Their methods include typical phishing attacks, but also forged political activities and news articles with professional content, well-designed visuals and familiar details that entice victims to open files and attachments. This sort of care and attention to detail showcases the Desert Falcons as proficient cyber attackers who thoroughly investigate their targets, whom they choose very specifically, before attacking and infecting their network(s).
Although they have a multitude of attack methods, the Desert Falcons typically rely on social engineering to gain original access into a network. Their methods include targeted emails and documents with seemingly innocent icons linking to a .rar file (which extracts to multiple files, making this tactic enough to run a whole command to extract, set up and run the malware), targeted attacks through Facebook chat (the Desert Falcons were one of the first to use this method), malware delivered as a fake RealPlayer plugin, home-made backdoors, Trojans, DHS spyware and a plethora of other forms of attack.
Kaspersky Lab was able to identify some members of the Desert Falcons in its investigation. You can read the comprehensive case study here: Kaspersky Desert Falcons Case Study.
Defenses against APT Attacks
The companies that fall victim to APT attacks are usually enterprise-level organizations and are prone to cyber risks because of political, cultural, religious or ideological products or services, often making for high-profile cases. Due to the vast impact and complexity of APT attacks, multiple technologies are required to combat them. Specific security sets are needed, around-the-clock monitoring and incident reports are necessary, extensive use of encryption for data at rest is crucial, and network segregation, intrusion detection systems and application whitelisting capabilities should be added in order to reverse the damage of an APT attack. There are also preventative measures such as having a “vulnerability management system in place, keeping security patches up to date and continually testing the security posture of the IT infrastructure”, according to Ionut Ionescu, head of threat management at Betfair. You can get more information about preventative measures against APT attacks here: Computer Weekly APT Attacks.