The lowdown on APTs

The term Advanced Persistent Threat (APT) is today used to describe everything from single spear phishing attempts to major, coordinated, state-sponsored cyberattacks. But what exactly is an APT and how should enterprises protect themselves from it? We talked to Alex Lei, Director of Security Solutions, Asia South Region and Korea, Symantec, to find out more.

Q: How different are APTs from other forms of cyberattacks?

Alex Lei: APTs are far more sophisticated and insidious than traditional cyberattacks. They zero in on a particular individual or organisation.

Most threateningly, APTs stay below the radar and can evade detection for long periods, which makes them especially effective and dangerous. Unlike the get-quick-money schemes typical of common attacks, APTs have loftier goals such as economic espionage or political sabotage.

Key differences of APTs from the usual cyberattacks are:

  • Customised attacks: APTs often use highly customised tools and intrusion techniques such as zero-day vulnerability exploits, viruses, worms, and rootkits.
  • Low and slow approach: APT attacks occur over long periods of time with continuous monitoring and interaction by attackers until they achieve their goals.
  • Specific targets: While any large organisation with intellectual property can be a target, each APT is aimed at a much smaller range of targets (often just one in the entire world) to accomplish a specific purpose. In addition, APTs may attack vendor or partner organisations that do business with their primary targets.
  • Highly damaging: The attackers generally know what the most valuable assets are. They will repeatedly try different techniques to reach all the assets to ultimately steal or destroy them, depending on their motive. These types of attacks will severely damage the competitive advantage and the financial well-being of the victim firms.

Q: How prevalent are APTs in Asia?

While an APT is a type of targeted attack, not every targeted attack is an APT. However, targeted attacks are now an established part of the threat landscape: according to Symantec's Internet Security Threat Report Volume 19, the number of targeted attacks rose by 91 percent from 2012 to 2013. Attackers have shifted from the common "spray and pray" approach to more stealthy attack campaigns. These average attack campaigns also lasted three times longer, contributing to the overall efficiency of the attacks.

If you consider the threat pattern of having specific targets and a slow approach, the outlook for cyberattacks points towards more sophisticated attacks or APTs. With the attraction of Asia as an engine of growth, the prevalence of APTs in this region's threat landscape will definitely be par for the course.

Q: Should APTs be a top security priority for all organisations in Asia?

Although APT attacks are highly focused on specific targets, partner companies which act as a conduit to the main organisation also run the risk of being attacked. Thus, APTs should remain high on the security horizon as organisations with a better understanding of APTs can take effective steps to defend against APTs as well as targeted attacks of any type.

Q: How should organisations in this region prevent themselves from falling prey to APTs?

The advent of APTs means that companies need to review their security framework with a fresh set of eyes and potentially overhaul the framework. Thus, the best way forward for any organisation to defend against APTs is to ensure that they are well defended against all targeted attacks.

To that end, they should undertake risk assessment in four key areas that can help uncover potential risks from targeted attacks:

  • Malicious Activity: Uncover and analyse malicious activities in an environment.
  • Targeted Attacks: Look for evidence of infection specific to your organisation.
  • Data Loss: Find data spills that could be targets for hackers.
  • Vulnerability: Analyse web applications, databases, servers, and network devices for vulnerabilities.

Once they have completed risk assessments, they can proceed to address key security areas to strengthen. This can be done through a combination of holistic solutions such as Endpoint Security, Data Centre Security, Managed Security Services and a Security Awareness Program for Employees.

Q: What skills should security professionals today possess to enable them to better prevent and deal with APTs?

With the increasing complexity of the threat landscape, security professionals need to adopt a holistic approach for security, supported by both technical means, and critical analysis skills.

The sophistication of APTs signals the need for security professionals to change their mindset: they need to evolve from planning a strategy purely around attack prevention to additionally adopting a detection and mitigation strategy that will limit the volume and severity of the breaches, and help alleviate and mend the damages. This shift in mindset is critical to get professionals to consider a holistic approach that involves not just endpoint and data centre protection, but also the intangible elements such as employee education on security best practices.

Critical analysis skills will also come in handy when dealing with APTs, particularly in the detection of APTs when they are in the "low and slow" phase of the attack. They will be required to spot nuanced signs in the company's networks that may reveal the existence of a Trojan Horse lying low within, or detect subtle changes in activity on their networks to uncover malware.
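The "low and slow" phase described above leaves a faint but measurable trace: an implant that checks in on a fixed schedule generates very few connections, yet the gaps between them are unusually regular. The script below is an added example, not code from the interview or from Symantec, showing one way an analyst can surface that pattern from outbound connection logs. The log format (`timestamp src dst bytes`), the host names and the addresses are all constructed for the example, and the thresholds (`min_events`, `max_cv`) are assumptions an analyst would tune to their own environment.

```python
"""Flag low-volume, highly periodic outbound connections (beacon-like).

Added example (not from the interview or Symantec). Groups outbound
connections by (source, destination), measures the spread of the
inter-arrival times, and reports pairs whose timing is suspiciously
regular even when the total number of connections is small.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "timestamp src dst bytes_out".
# ws-017 -> 203.0.113.10 checks in every ~30 minutes (beacon-like);
# ws-017 -> mail server is normal, bursty user activity;
# ws-042 -> 198.51.100.7 has too few events to judge.
SAMPLE_LOG = """\
2014-05-01T08:00:00 ws-017 203.0.113.10 512
2014-05-01T08:30:01 ws-017 203.0.113.10 530
2014-05-01T09:00:00 ws-017 203.0.113.10 498
2014-05-01T09:29:59 ws-017 203.0.113.10 520
2014-05-01T10:00:02 ws-017 203.0.113.10 505
2014-05-01T08:03:11 ws-017 mail.example.internal 2048
2014-05-01T08:07:45 ws-017 mail.example.internal 1900
2014-05-01T08:41:02 ws-017 mail.example.internal 2200
2014-05-01T09:15:38 ws-017 mail.example.internal 2100
2014-05-01T09:16:05 ws-017 mail.example.internal 1800
2014-05-01T08:05:00 ws-042 198.51.100.7 700
2014-05-01T11:20:00 ws-042 198.51.100.7 650
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, bytes)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def interval_stats(text):
    """Per (src, dst) pair: event count, mean gap in seconds, and the
    coefficient of variation (pstdev / mean) of the gaps. A CV near 0 means
    the connections are evenly spaced; CV is None when there are fewer than
    two gaps to compare."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in parse_log(text):
        by_pair[(src, dst)].append(ts)

    stats = {}
    for pair, times in by_pair.items():
        times.sort()  # logs are rarely in order per pair
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        cv = None
        if len(gaps) >= 2 and mean(gaps) > 0:
            cv = pstdev(gaps) / mean(gaps)
        stats[pair] = {
            "count": len(times),
            "mean_interval": mean(gaps) if gaps else None,
            "cv": cv,
        }
    return stats


def beacon_candidates(text, min_events=4, max_cv=0.1):
    """Return pairs with enough events to judge and near-constant spacing.
    Thresholds are assumed starting points, to be tuned per environment."""
    out = []
    for (src, dst), s in interval_stats(text).items():
        if s["count"] >= min_events and s["cv"] is not None and s["cv"] <= max_cv:
            out.append({"src": src, "dst": dst, **s})
    return sorted(out, key=lambda c: c["cv"])


if __name__ == "__main__":
    for c in beacon_candidates(SAMPLE_LOG):
        print(f"{c['src']} -> {c['dst']}: {c['count']} connections, "
              f"mean gap {c['mean_interval']:.0f}s, CV {c['cv']:.4f}")
```

Regular spacing alone is not proof of compromise (monitoring agents and update checks are periodic too), so in practice the flagged pairs are a triage list to be cross-checked against known-good destinations and the endpoint's installed software; the point is that the signal survives the attacker's low volume, which is exactly what a purely volume-based alert misses.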
