A week of scary network threats from Black Hat, McAfee’s Rat Report and more on RSA data breach
If you’d never heard the phrase ‘advanced persistent threat’ before, you may have gotten an ear full of it the past week in a collection of news stories that used the APT term to describe a variety of network security problems that are causing big problems.
Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com
“APT is originally from the Air Force,” says Ryan Kalember, director of product marketing for HP ArcSight, during our discussion of Ponemon Institute’s annual study on cybercrime. The term arose as Air Force shorthand to describe endless, unremitting network attacks coming from mainland China — the People’s Republic of China (PRC). “It’s a running joke in the industry that APT is short for PRC,” he adds.
More news: 20 of the weirdest, wackiest and stupidest sci/tech stories of 2011 (so far!)
But the phrase APT has evolved into something broader. It suggests the effort not just by nation-states, but also industrial competitors, along with any hired-hand assistance, to infiltrate the networks of targets to steal important and sensitive information, such as intellectual property.
And in the news last week, McAfee, based on finding a server on the Internet and analyzing its logs, identified 72 compromised organizations — mostly in the U.S. but also in Canada and Asian nations — it says had APT-style attacks carried out against them for months if not years, starting in 2006.
According to McAfee, an attacker — probably a “nation-state” though it declined to name any country — carried off huge volumes of sensitive information, including “closely guarded national secrets (including from classified networks), source code, bug databases, e-mail archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA configurations, design schematics and much more.” McAfee didn’t release most of the names of the victims though it did name a few, such as the World Anti-Doping Agency, as well as some Olympic committees.
APT came up in a story on the RSA data breach that blamed China for that breach earlier this year. Joe Stewart, director of malware research at Dell SecureWorks, said the finding was based on research into APT malware called HTran, which was developed by Chinese hackers, that was used in the attack on RSA. The HTran malware, usually installed on a compromised server, is meant to hide transmission of data where an attacker stealing it wants it to go. Stewart found error messages from HTran inadvertently revealed exact IP addresses, leading directly to ISPs in Beijing and Shanghai.
No wonder the Security for Business Innovation Council, a group of 16 security leaders in corporations that include eBay, Coca-Cola Company, SAP, FedEx Corp., Johnson & Johnson and Northrop Grumman, last week said the APT problem is a top concern and it’s changing how you should look at security.
More security news: Corporate cybercrime costs skyrocket
In their report, entitled “When Advanced Persistent Threats go Mainstream,” they say “Focusing on fortifying the perimeter is a losing battle” and “today’s organizations are inherently porous. Change the perspective to protecting data throughout the life cycle across the enterprise and the entire supply chain.”
