Page 1 of 2
Advanced Persistent Threat (APT) is the latest buzz-phrase from a security industry that cranks them out like clockwork. In a panel discussion Thursday at the RSA 2011 security conference, security experts acknowledged the dangers posed by APTs and said the industry is ill-equipped to deal with them.
APTs are generally focused on specific companies or individuals and target specific information, as opposed to being motivated by financial gain. APTs employ multiple tactics, including social engineering, spear phishing, Windows exploits, Active Directory compromises, and use of remote administration tools.
Heather Adkins, an information security manager at Google, says companies will have to enlist the aid of their top security talent and experience to react to APTs. "We need an 'A-Team' to respond to these threats," she said during the panel. "It's not an easy task, but you should start evaluating what talent you have inside and what you need to do to build such a team, because your adversary has one."
Google has firsthand knowledge of the impact APTs can have on a company. In last year's Operation Aurora attacks, Google -- along with Intel, Adobe and more than 30 other corporations -- had its network compromised by hackers in China that were able to access and abscond with source code and other confidential data.
Perhaps for this reason, Adkins isn't bullish on the long term outlook for dealing with the coming scourge of APTs. "Our conclusion is that it does seem to be futile, at least with the tools we have today," said Adkins."I don't think we are prepared today and I think we have a long way to go."
One of the big problems with APTs is the ease with which miscreants can carry out attacks. "The ROI for these attackers is so high, I don’t see them ever stopping," said Adam Meyers, director of cyber security intelligence at SRA International. "The level of investment to get a successful attack in is minimal, and there is minimal risk for the attackers."
Another APT example is the ongoing attacks on global oil, energy, and petrochemical companies that began in November 2009 -- which McAfee has dubbed "Night Dragon" -- that also appears to have its origins in China.
George Kurtz, worldwide CTO and executive vice president at McAfee, said Night Dragon is notable because despite being relatively unsophisticated from a technical standpoint, it has proven very effective for the masterminds behind it. "Until the cost of the intrusion goes up for the attackers, we're not going to see this solved," he said.
Kurtz likened the attackers behind APTs to penetration testers operating without rules of engagement, free to breach networks, move laterally and "exfiltrate" data once they're inside. "It's very scary to have a permanent pen test with no rules," he said.
Next: APTs and the Cyber War Potential