Alex Lei, Director of Security Solutions, Asia South Region and Korea, Symantec
The term Advanced Persistent Threat (APT) is today used to describe everything from single spear phishing attempts to major, coordinated, state-sponsored cyberattacks. But what exactly is an APT and how should enterprises protect themselves from it? We talked to Alex Lei, Director of Security Solutions, Asia South Region and Korea, Symantec, to find out more.
Q: How different are APTs from other forms of cyberattacks?
Alex Lei: APTs are far more sophisticated and insidious than traditional cyberattacks. They zero in on a particular individual or organisation.
Most threateningly, APTs stay below the radar and can evade detection for long periods, which makes them especially effective and dangerous. Unlike the get-quick-money schemes typical of common attacks, APTs have loftier goals such as economic espionage or political sabotage.
Key differences of APTs from the usual cyberattacks are:
- Customised attacks: APTs often use highly customised tools and intrusion techniques such as zero-day vulnerability exploits, viruses, worms, and rootkits.
- Low and slow approach: APT attacks occur over long periods of time with continuous monitoring and interaction by attackers until they achieve their goals.
- Specific targets: While any large organisation with intellectual property can be a target, each APT is aimed at a much smaller range of targets (often just one in the entire world) to accomplish a specific purpose. In addition, APTs may attack vendor or partner organisations that do business with their primary targets.
- Highly damaging: The attackers generally know what the most valuable assets are. They will repeatedly try different techniques to reach all the assets to ultimately steal or destroy them, depending on their motive. These types of attacks will severely damage the competitive advantage and the financial well-being of the victim firms.
Q: How prevalent are APTs in Asia?
While an APT is a type of targeted attack, not every targeted attack is an APT. However, targeted attacks are now an established part of the threat landscape - according to Symantec's Internet Security Threat Report Volume 19, the number of targeted attacks rose by 91 percent from 2012 to 2013. Attackers have shifted from the common "spray and pray" approach to more stealthy attack campaigns. These average attack campaigns also lasted three times longer, contributing to the overall efficiency of the attacks.
If you consider the threat pattern of having specific targets and a slow approach, the outlook for cyberattacks points towards more sophisticated attacks or APTs. With the attraction of Asia as an engine of growth, the prevalence of APTs in this region's threat landscape will definitely be par for the course.
Q: Should APTs be a top security priority for all organisations in Asia?
Although APT attacks are highly focused on specific targets, partner companies which act as a conduit to the main organisation also run the risk of being attacked. Thus, APTs should remain high on the security horizon as organisations with a better understanding of APTs can take effective steps to defend against APTs as well as targeted attacks of any type.