Almost a decade ago now, security threats in cyberspace primarily stemmed from harmful computer viruses or malware, with a new threat making the media headlines on an almost weekly basis.
These virus and malware attacks were opportunistic in nature, spreading quickly and widely, often without a specific target in mind. Any system with a suitable vulnerability was fair game for an attack.
Just when it seems that these have been brought under control through better processes and systems, we now face a new category of more sophisticated computer-related threats.
Known as Advanced Persistent Threats (APTs), these primarily consist of cyber attacks funded and coordinated by often well-resourced criminal organisations. Rather than the shotgun approach of a computer virus or malware attack, APTs attack a specific target in order to steal confidential data or intellectual property.
Because there is a specific target in mind, attackers often undertake extensive research and planning to tailor the attack to the unique vulnerabilities of the target.
APT head start
Typically attacking via 'zero-day' vulnerabilities (flaws for which the software vendor has not yet released a fix), APTs gain a head start by embedding themselves within their target before the target becomes aware of any threat.
As most common antivirus solutions are signature-based, with only some heuristic or self-adaptive capabilities, they often fail to detect APTs, whose signatures are unknown. Some industry observers put the rate at which antivirus solutions successfully detect malware (or rather, the failure rate) at a staggering 20 percent!
APTs are also polymorphic in nature. Like a scene from a science-fiction horror movie, they change their behaviour once inside their target to evade detection.
Hackers direct the actions of the APT through command-and-control servers located outside the target organisation, using it to seek out further vulnerabilities within the organisation to attack.
Another unique characteristic of APTs is that they are persistent. As they are designed to achieve a specific objective rather than opportunistic short-term gains, APTs will sometimes lie dormant for extended periods before being activated by the hackers, when other required elements are in place for a coordinated attack.
Furthermore, hackers sometimes install more than one variant of the APT within the target, making the threat resistant to complete removal even if one of its elements is detected and removed.
Organisations face several challenges in combating APTs, and their end-users are often the weakest link in the defences. It often takes only a momentary lapse in judgement, such as downloading free software, by one employee out of thousands in an organisation to compromise its systems.