Security experts are seeing an increase lately in advanced persistent threats, threats that have no known signature or known pattern of behavior.
"The first victim is patient zero," notes Samuel Visner, vice president and cyber lead executive at CSC, Falls Church, Va., and a former security official with the federal government. These threats lurk unseen in servers, applications and databases and are very difficult to detect. They often are created by nation-states or companies affiliated with them, they can change their own appearance and migrate from server to server seeking confidential information, they can establish communication with their creators, and they can wait stealthily and patiently until conditions are just right to attack.
These thieves are after not just bank or card account information, but intellectual property, such as product development or marketing plans and corporate strategy. "This information is valuable not only to an economic competitor but to a nation-state that has some kind of relationship with companies that owe sovereign allegiance to that government," Visner says.
"The Office of the National Counter-Intelligence Executive says foreign governments are in fact collecting this intelligence, doing what we call network exploitation, and they are collecting information from U.S. and other Western commercial enterprises. They're doing this because it gives them economic clout, which today is a component of geo-strategic clout."
The value of research and development in the U.S. was estimated by the National Science Foundation at $4 billion in 2008, about 2.8% of the nation's gross domestic product. "If somebody were to steal that, they would get all of the benefit and not have to pay any of the cost," Visner says.
It's too soon in the investigation to tell if the Global Payments data breach earlier this month falls under this category, but financial institutions are widely considered to be targets of such attacks.
"One senior banker said, 'Why would the Chinese hack me? I have their money, they want me to secure their money,'" says Bill Wansley, senior vice president at Booz Allen Hamilton, McLean, Va. "They're not going to steal their own money." Wansley responded that the bank has sensitive M&A information that could be valuable.
"Don't kid yourself. We have never not found malware on a client," he says. "If anybody thinks they're not being attacked, they're not aware of the fact. There are those companies that have been attacked and those that don't know it yet. If you're a major institution, you're being attacked all the time."
In fact, banks, credit unions and insurance companies are among the most coveted targets, according to Darin Anderson, general manager of Norman Software NA, Fairfax, Va. "First off, they have a broad base of customers; someone executing a social engineering trick can play the numbers and send out the email to millions of email subscribers," he says. "The bad guys are following the money to financial institutions and looking for ways to get users to compromise their credentials or the institution itself to open a place where they can further perpetuate their crimes."
ORIGINS OF THE APT ATTACK
The term "advanced persistent threat" evolved from the U.S. military and originally was used as a cover name for Chinese hacking. "It has since evolved to describe a type of attack that meets the definition: advanced in that it's very sophisticated in the technical abilities of the attackers, persistent in that it keeps coming back - it's so well-resourced that it has the time and money to keep plugging away when they want to penetrate an organization," says Wansley. "And it's generally associated with a nation-state attack."