A group of hackers has been found to have been breaking into the IT systems of various US agencies and private businesses and stealing sensitive information for the past five years. The FBI has uncovered these attacks but hasn’t been able to identify the motives or origin of the hackers. However, it is being said that the attacks might be the work of a group codenamed APT6.
APT (Advanced Persistent Threat) refers to threat actors who have a narrow set of goals and focus their attacks on specific targets only. Most APT groups are sponsored by states and carry out attacks in the interest of their country. Enterprise Products’ VP John Peterson said:
A variety of methods are used in successful APT attacks – including the use of externally available, public information tools and resources on social media, traditional media and other resources where the organization may be advertising for IT staff – thereby disclosing the hardware and software skills being sought after.
The organization’s business partners, suppliers and customers will also typically be thoroughly researched and noted. An APT is not a one-shot attempt.
APTs do not look for a home run at the outset. The main objective is to gain access into low priority areas the company fails to protect adequately – typically a user’s endpoint.
By being patient, the hackers can gradually work their way into higher value segments of the network where important data resides.
Companies that want to harden their security against APT threats can follow Mr. Peterson’s advice. He recommends that firewalls, antivirus, modern sandboxing, whitelisting, and containerization technologies be deployed and maintained, and that software be updated regularly. Advanced endpoint protection is necessary along with a secure web gateway, and a breach-and-threat detection system would provide layered and integrated security. Penetration testing must be performed regularly, and users and employees must be educated about the security protocols.