Imperva lifts the lid on non-advanced persistent threats

Attackers can obtain access privileges and access protected data by using nothing more than knowledge of common Windows protocols, basic social engineering and readily available software.

According to research by Imperva, data breaches that are commonly associated with the “APT” theme are often achieved by relatively simple (and commonly available) means, using basic technical skills.

Amichai Shulman, CTO of Imperva, said: “There needs to be a fundamental shift in how we view APTs and how we protect against them. These types of attacks are difficult to prevent and our report shows that they can be conducted relatively easily. In order to mitigate damage, security teams need to understand how to protect critical data assets once intruders have already gained access.”

A new research paper from Imperva, "The Non-Advanced Persistent Threat" claims that Advanced Persistent Threats (APTs) require only basic technical skills, it also found that built-in Windows functionality, combined with seemingly “innocent” file shares and SharePoint sites can provide attackers with an entry-point to accessing an organisation’s most critical data.

Talking to IT Security Guru, Shulman said that many people consider APTs to be technical and “magic”, and it wanted to show how they are used to take hold of a single foothold in the organisation and spread throughout an organisation but are not often technical.

“We are showing that these techniques are actually very simple and not sophisticated, and not resorting to zero-day vulnerabilities, or complex scripts and hacking tactics. The importance of that is once you understand how these techniques work you can put mitigation in place to find them,” he said.

Asked what businesses can do to protect themselves, Shulman said it is more about collecting privileges than hacking, so businesses should recognise the abuse pattern and what are users doing in the organisation, such as a lot of users working from one machine or a lot of out of working time on one machine.

“They are relatively easy to detect if you have the right security solution in place. Monitor the activity from your database to your file server and it leaves you with the ability to manage access control with a very small set of critical files, so you can go to the data owner of that set of critical files and that is how you achieve control of your privileges,” he said.

Dan Raywood is editor of the IT Security Guru