Why Targeted Attacks Are Here To Stay

IT security experts have seen an increase in the number of Advanced Persistent Threats (APTs) over the last couple of years.

A targeted network security attack is a crime in which the attacker specifically targets an individual or a company, often over the internet (although attacks are sometimes delivered over private networks), as opposed to tangible attacks such as war.

A successful attack typically gives the attacker access to the victim's assets, allowing theft of sensitive company data, which could potentially cause disruption and denial of service.

Gone are the days of sending out spam email in a scattergun approach and trying to steal someone's bank account information. One of the biggest challenges when dealing with APTs today is that the majority of attacks seem to come from foreign nation states, such as China and Russia, although the exact origin of an attack is usually almost impossible to prove.

In May this year a seemingly innocent email was sent internally to staff at RSA which contained a malicious script embedded in a spreadsheet. Once opened, the malicious code took advantage of a vulnerability inside Adobe software to install remote administration software to control the user's PC. The information that was subsequently stolen from RSA was then used to mount a targeted attack on a totally different target, the US military contractor Lockheed Martin.

APTs take a long time to execute, which means there is a good probability they can be monitored and stopped before critical information has been stolen. In the case of an APT, the attacker is looking for specific information they have been paid to obtain - it can take them weeks or even months to track it down.

Phishing attacks against banks mean IT security departments spend a lot of time trying to beat attackers at the weakest point of their security chain, the employees.

Online banking fraud has declined, but it has taken the best part of a decade for the banks to work out how to defend themselves against phishing and Trojan attacks. Some of the techniques used in the last decade can be re-used for APTs.

Protecting everything in the corporate network is very costly and time-consuming; however, this doesn't stop an organisation from identifying its most important assets and ring-fencing them with very high levels of layered security. It is vital that our industry responds to what actually isn't a new threat. What is needed now is a new paradigm of information sharing, analytics, and advanced threat management.