What you should know about advanced persistent threats


The internet is plagued by millions of cyberthreats that can bring down your business. Perhaps the most sophisticated and menacing ones are advanced persistent threats, or APTs. In an APT attack, an unauthorized intruder gains access to a system or network and remains there for an extended period without being detected. APTs are typically launched to steal confidential data and monitor network activity, which the attacker does by planting malicious code inside compromised systems. They have traditionally targeted government, military, and financial organizations, but as these attacks become more common, your business can also be at risk.

A brief history of APTs

In 2010, a malicious computer worm called Stuxnet was discovered to have sabotaged the centrifuges in Iran’s uranium enrichment facilities. At the time, it was the most sophisticated APT attack known. It reportedly damaged roughly one-fifth of Iran’s enrichment centrifuges without being discovered, and by the time it was found the centrifuges had already failed.

Upon extensive investigation, researchers found that Stuxnet had similarities to an earlier attack: two of the zero-day vulnerabilities Stuxnet exploited had previously been used by Fanny, a worm attributed to the Equation Group. This indicates that threat actors reuse and build on earlier tooling to create stronger, more capable APTs.

What’s more, it’s becoming more difficult to distinguish one APT group from another. Analysts usually tell groups apart by looking at how their malware was coded and built, including artifacts such as compile timestamps. However, attackers can now alter those timestamps to make it seem like the malware was built in a different time zone. Some groups also deliberately imitate another group’s tools and techniques (so-called false flags) in order to shift the blame. As these techniques spread, advanced persistent threats will increasingly look alike, and in a world where attacks look the same, perpetrators can hide their identities. Even if your business is attacked, you may never know who was responsible.

How APTs attack computer systems

APTs work stealthily to avoid detection. They gain entry by delivering malicious files, for example on a USB thumb drive plugged into a workstation. They can also exploit vulnerabilities in applications to get access, or rely on human error (e.g., someone opening a malicious email attachment or link).

Once inside the system, attackers quickly establish backdoors and covert channels that allow their malware to persist undetected, often by modifying legitimate programs or system settings so that the malicious code blends in. Working quietly, they then steal or crack passwords and escalate to administrator rights, which gives them the ability to reach protected files and servers, read confidential data, and monitor the network at will. Even if the attackers leave the network, they keep a backdoor open in case they need to return.

Why your business is not safe from APTs

Initially, Windows was the primary target of most malware. As Windows became harder to attack, though, attackers increasingly turned their attention to Linux and Mac as well. One factor is the spread of cross-platform development frameworks such as .NET, which are not malicious in themselves. Modern versions of the framework let the same application run on Windows, Linux, and macOS, and malware written on it can be ported across operating systems just as easily. In other words, no operating system is immune, and any business device can be infected with an APT.

The warning signs of APTs

APTs may work silently, but some signs can betray their presence in a network. Be suspicious of the following:

  • An unusually high number of backdoor Trojans on endpoints – attackers use them to keep access to compromised machines
  • Targeted spear-phishing, or personalized email scams aimed at high-value employees – they often carry an infected attachment or a malicious link that installs a program giving the attacker access to your system
  • A spike in logins to accounts with administrative rights, especially outside business hours – this can indicate that attackers in another time zone are using your machines
  • Unexpected large volumes of data moving from server to server, network to network, or server to client where there shouldn’t be any – attackers usually stage and compress data before moving it out of the network
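The last two warning signs above lend themselves to simple automated checks. The script below is an added example, not code from the original article or from Kosh Solutions: it runs two toy detectors over constructed log lines (off-hours privileged logins and unusually large per-source data transfers) and then correlates them, since a source that does both is a stronger signal than either alone. The log format, the business-hours window, and the 500 MiB threshold are all assumptions chosen for the example; in practice the inputs would come from Windows Security event logs or Linux auth logs and from NetFlow or firewall logs.

```python
"""Toy detectors for two APT warning signs: off-hours admin logins and
bulk internal data transfers. Log format and thresholds are assumptions
for this example; the sample lines are constructed, not real telemetry."""
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real logs). Format: ISO timestamp followed
# by key=value fields.
AUTH_LOG = """\
2024-03-11T09:12:04 host=FS01 user=jsmith priv=admin src=10.0.4.22
2024-03-11T12:40:17 host=WS17 user=mlee priv=user src=10.0.7.9
2024-03-12T02:17:45 host=DC01 user=svc_backup priv=admin src=10.0.9.14
2024-03-12T03:05:02 host=FS01 user=svc_backup priv=admin src=10.0.9.14
2024-03-12T23:50:31 host=WS17 user=mlee priv=user src=10.0.7.9
"""

FLOW_LOG = """\
2024-03-12T02:20:10 src=10.0.9.14 dst=10.0.4.5 bytes=734003200
2024-03-12T02:31:44 src=10.0.9.14 dst=10.0.4.5 bytes=912261120
2024-03-12T10:05:00 src=10.0.7.9 dst=10.0.4.5 bytes=5242880
2024-03-12T11:15:30 src=10.0.4.5 dst=10.0.7.9 bytes=41943040
"""

BUSINESS_HOURS = range(8, 18)       # 08:00-17:59 local time; assumption
EGRESS_THRESHOLD = 500 * 1024 ** 2  # 500 MiB per source per day; assumption


def parse(line):
    """Turn 'ts key=value ...' into a dict with the timestamp parsed."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def off_hours_admin_logins(log):
    """Return (time, user, host, src) for admin logins outside business hours."""
    hits = []
    for line in log.splitlines():
        rec = parse(line)
        if rec["priv"] == "admin" and rec["ts"].hour not in BUSINESS_HOURS:
            hits.append((rec["ts"].isoformat(), rec["user"], rec["host"], rec["src"]))
    return hits


def bulk_transfers(log, threshold=EGRESS_THRESHOLD):
    """Sum bytes per (day, source) and return the pairs over the threshold."""
    totals = defaultdict(int)
    for line in log.splitlines():
        rec = parse(line)
        totals[(rec["ts"].date().isoformat(), rec["src"])] += int(rec["bytes"])
    return {key: total for key, total in totals.items() if total > threshold}


def correlate(auth_log, flow_log):
    """Sources that both logged in as admin off-hours and moved bulk data."""
    login_srcs = {src for _, _, _, src in off_hours_admin_logins(auth_log)}
    return sorted(src for (_, src) in bulk_transfers(flow_log) if src in login_srcs)


if __name__ == "__main__":
    for hit in off_hours_admin_logins(AUTH_LOG):
        print("off-hours admin login:", hit)
    for (day, src), total in bulk_transfers(FLOW_LOG).items():
        print(f"bulk transfer on {day} from {src}: {total / 1024 ** 2:.0f} MiB")
    print("correlated sources:", correlate(AUTH_LOG, FLOW_LOG))
```

On the sample data, the two 2 a.m. and 3 a.m. logins by svc_backup from 10.0.9.14 are flagged, the same source moves about 1,570 MiB to a file server in the same window, and the correlation step narrows the alert to that one address. Real deployments need a baseline per account and per host rather than one global threshold, since a legitimate backup service will look exactly like this unless it is whitelisted.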

What you can do to mitigate this threat

We can see a future where APTs are launched to cause chaos and panic, gradually eroding public trust in institutions like the government and in processes such as elections. Because the stakes are high, it’s natural to want to get to the bottom of an attack and find out who did it. However, as APTs become harder to tell apart, correct attribution will become close to impossible.

Instead of focusing on who launched an attack, nation-states and businesses should channel their efforts into fortifying their systems. Since they are fighting advanced persistent threats, their defenses should also be advanced and persistent, proactive rather than reactive. All software should be kept up to date, with the newest security patches installed promptly. They should train employees in cybersecurity awareness so that no one lets an APT in through human error. Above all, they should partner with a cybersecurity company that can deploy robust safety measures and actively monitor their systems and data for the warning signs described above.

Advanced persistent threats are just one kind of attack that can bring your business or institution down. Are your systems equipped to thwart these attacks and more? Kosh Solutions offers proactive and round-the-clock cybersecurity solutions to businesses and government agencies in Farmington, Durango, Las Cruces, and Albuquerque. Call us at 505-796-5988 or send us a message today.
