Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

GUEST ARTICLE: Mitigating Advanced Persistent Threats

Noor Azwa Azreen Abd Aziz and Zahri Yunos | Oct. 11, 2012
CyberSecurity Malaysia: Understanding the APT exploitation lifecycle and the numerous challenges in addressing threats.

CyberSecurity Malaysia acting CEO (modified)

Authors:  (pictured above) Zahri Yunos is the acting CEO of CyberSecurity Malaysia; while (photo below) Noor Azwa Azreen Abd Aziz is an officer of CyberSecurity Malaysia, which is the national specialist centre for cyber security, under the purview of the Ministry of Science, Technology and Innovation (MOSTI). For additional information, please visit our website www.cybersecurity.my.

 

Technological threats in terms of security could be defined as any circumstances or events with the potential to adversely impact organisational operations (including mission, functions, image or reputation), organisational assets or individuals through an information system via unauthorised access, destruction, disclosure, modification of information, and/or denial of service. Advanced Persistent Threats (APT) is one of the most common technological threats the world faces today.

In Malaysia, there are growing concerns regarding the increase of incidents. Organisations are urged to find counter measures in resolving the matter and should also step forward to create a safer cyber environment.

Cyber security trends in Malaysia

The number of Internet users coming forward to report cyber security incidents to CyberSecurity Malaysia's Cyber999 Help Centre increased sharply over the last four years. Each year, the number of incidents handled by the centre has increased substantially. It has grown from 8,090 incidents in the year 2010 to 15,218 incidents in 2011. Even for the period between January to August this year, about 7,100 incidents has already been reported.

This may be due to the increase of awareness among Internet users and also with the adoption of standard and compliance such as ISO 27001 ISMS in the organisations. ISO 27001 ISMS provides best practice recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS).

The breakdown of these cyber security incidents can be categorised as cyber harassment, fraud, content related, denial of service, intrusion, intrusion attempt, malicious codes, and spam. However, the statistics provided aforementioned is only the tip of the iceberg. There could be more unreported incidents in the country.

Advanced Persistent Threat (APT)

In the digital age, intellectual properties, personal and financial information, as well as other sensitive data types are at an increasing risk. Targeted attacks by Advanced Persistent Threats (APT) are becoming more and more widespread. APT is the modern electronic versions of covert intelligence operations. Advanced means sophisticated combination of multiple targeting methods, tools and techniques in order to reach and compromise target and maintain access to it.

On the other hand, Persistent is referred to as conducted through continuous monitoring and interaction in order to achieve the defined objectives, while Threats comprise of capability, intent and a level of coordinated human involvement.

A good case study for APT is the Stuxnet attack which occurred in 2010. Stuxnet is a sophisticated computer worm that infected Siemens' SCADA systems. This is a classic example of cyber attacks targeting critical sectors. The attacks were primarily directed towards Iranian nuclear facilities, but there were also reports claiming that other countries such as India, Indonesia and Russia were also affected.

Stuxnet is said to be the first known worm designed to target real-world critical sectors such as nuclear plant, power station and industrial unit. Some experts even believe that Stuxnet is a government produced worm.

APT exploitation life cycle

The APT exploitation lifecycle involves reconnaissance, initial intrusion into the network, establishing a backdoor into the network, obtaining user credentials, installing various utilities, privilege escalation/lateral movement/data exfiltration and maintaining persistence. The explanation of each lifecycle is explained below:

Reconnaissance - Identify individuals of interest and develop methods of access. The targets range from executives to researchers to assistants.

 

1  2  3  Next Page 

Sign up for Computerworld eNewsletters.