Being slow and low is the signature of an Advanced Persistent Threat (APT). Unnoticed, they penetrate security walls and find their way into networks and computers. Then they disappear, again unnoticed. An invisible enemy.

According to CSO Australia, an advanced persistent threat (APT) is a cyber-attack executed by criminals or nation-states with the intent to steal data or surveil systems over an extended period. 

Motives are usually financial or political. Originally, APTs targeted government or industrial secrets. Cybercriminals now use APTs to steal data or intellectual property in order to monetise and sell them.

The first stage of an APT attack sequence is often spear phishing. Once the hackers have their foot in the door, the enterprise has hardly any means to stop the attack.   

Protecting your organisation against increasingly sophisticated security threats is a significant daily challenge. At The Missing Link, we've introduced Red Teaming to verify your existing security effectiveness, improve your team's capability to mitigate risks and bolster your defences against cyber attacks.

Here are five ways to identify APT attacks: 

1. Late-night logins  

The first sign of an APT can be a high volume of logins across multiple servers outside your usual working hours. APTs can take over entire networks in very little time, which quickly escalates the situation. The attackers simply read an authentication database, steal the credentials and reuse them. They work out which accounts hold elevated privileges and permissions and target those first.
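As an added example (not part of the original article or of The Missing Link's own tooling), the following Python script implements the first check: it parses constructed authentication log lines in an assumed `timestamp host= user= result=` format and flags accounts with successful off-hours logins on several distinct servers. The working-hours window, the minimum host count and the service-account allow-list are assumptions to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, time

# Constructed sample authentication log lines (not real data): one login event per line.
SAMPLE_LOG = """\
2024-03-04 02:13:41 host=fileserver01 user=j.doe result=success
2024-03-04 02:14:05 host=dbserver02 user=j.doe result=success
2024-03-04 02:15:30 host=appserver03 user=j.doe result=success
2024-03-04 02:16:02 host=dc01 user=j.doe result=success
2024-03-04 03:02:44 host=dbserver02 user=j.doe result=failure
2024-03-04 09:05:12 host=fileserver01 user=a.smith result=success
2024-03-04 10:20:00 host=appserver03 user=a.smith result=success
2024-03-04 23:45:10 host=dc01 user=svc_backup result=success
"""

# Assumed log format: "<date> <time> host=<server> user=<account> result=<success|failure>"
LINE_RE = re.compile(r"^(\S+ \S+) host=(\S+) user=(\S+) result=(\S+)$")

# Assumed working-hours window; adjust to the organisation's actual hours.
WORK_START = time(8, 0)
WORK_END = time(18, 0)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "host": m.group(2), "user": m.group(3), "result": m.group(4)}


def is_off_hours(ts, start=WORK_START, end=WORK_END):
    """Off-hours means a weekend day or any time outside the working window."""
    return ts.weekday() >= 5 or not (start <= ts.time() < end)


def find_off_hours_spread(log_text, min_hosts=3, known_service_accounts=frozenset()):
    """Return {user: sorted hosts} for accounts with successful off-hours logins
    on at least min_hosts distinct servers (the lateral-movement pattern above)."""
    hosts_by_user = defaultdict(set)
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["result"] != "success":
            continue  # failed attempts belong in a separate brute-force check
        if ev["user"] in known_service_accounts:
            continue  # scheduled jobs run off-hours by design; keep this allow-list short
        if is_off_hours(ev["ts"]):
            hosts_by_user[ev["user"]].add(ev["host"])
    return {u: sorted(h) for u, h in hosts_by_user.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    print(find_off_hours_spread(SAMPLE_LOG, known_service_accounts={"svc_backup"}))
```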


2. Widespread backdoor trojans 

APT hackers often install backdoor Trojans to gain complete control over the compromised computers. As a result, they retain access even if login details are changed.


3. Unexpected information flows 

Large, unusual data streams within your enterprise or to external computers (server to server, server to client, or network to network) can also be a sign of APT attacks. Often these data flows are limited, because they are very targeted. To prevent APTs, it is crucial to understand the normal structure of your data flows.


4. Unusually large data bundles 

If you find gigabytes of data appearing in places where they do not belong, or in file formats your company normally does not use, you should become very suspicious. This could be a collection point where APT attackers stage your data before transferring it outside your environment.


5. Spear phishing campaigns 

Employees are tricked with ordinary document files (MS Office suite) that contain malicious links or code. What's worse, these messages appear to come from trusted sources, such as co-workers, heads of departments, external people whom other staff members have recommended, or friends from your social media accounts. Following their instructions seems to make sense.

However, the most obvious sign is that the phishing email is directed at a selected group of leadership positions within the company. The emails sound legitimate because they refer to current projects.

What you should know about Red Teaming  

They say it's better that a trusted adversary discovers your weaknesses than a real Advanced Persistent Threat (APT). Our Red Teaming performs multilayered testing of all aspects of your organisation's information network and devices, its physical assets, its processes and its people to identify vulnerabilities and gaps that could expose it to damaging security breaches. We even have a team of sophisticated ethical hackers to simulate malicious attacks and test how your organisation would respond to a real threat.

Learn more about our Red Teaming.  
