by Dan Lowe, on 24 October 2013
Do the math, and let's figure out whether you belong to the less than 1% of businesses actually targeted by an APT.
I read articles about companies providing cloud-based services to stop Advanced Persistent Threats (APTs) and think it is the same marketing nonsense, trying to convince companies to pay for a service that will not work against a motivated and highly funded group. I speculate that over 99.99% of these companies are not the focus of such an attack. In the United States alone there are over 27 million businesses, not counting government or educational institutions, so do the math and let's figure out whether you belong to the less than 1% of businesses actually targeted by an APT.
Advanced Persistent Threats are targeted attacks on companies or organizations that hold information someone wants, or whose systems someone wants to damage. Think of the Stuxnet worm, which targeted Iran's uranium-enrichment program and set it back significantly. It did not destroy the facility outright; it damaged the centrifuges by manipulating the controllers that ran them. Most attackers, however, are looking to steal information rather than to destroy or damage a system, though they may also leave malware behind for future use.
APTs aren't really new. The acronym is new, but it is just another approach by determined, methodical, cunning, organized, and well-funded individuals or groups who extract or damage information while remaining hidden. This has been going on for generations. During World War II, people spied on the enemy to gain insight into its strategy and broke Enigma ciphers to find out its plans. The Cold War was famous for countries spying on each other; the same spying has simply moved onto computer networks. Mandiant's APT1 report provides an attack lifecycle that illustrates the steps used by the Chinese operators it identified to break into a company and exfiltrate confidential information. Of course the Chinese government denied the attacks, but the evidence is compelling.
The same tools antimalware companies use to detect malware are available to attackers, who test their samples against those products before sending them to the company the product is protecting. I am not saying antimalware tools are not useful, but against a targeted APT a company will be hard pressed to find a product that will stop the attack. What most companies actually need protection from is the broad cybercriminal population that writes malware to pilfer information, launches phishing attacks, sets up fraudulent websites, and runs other money-making schemes. These will remain the prevalent forms of cybercrime, increasingly with mobile devices as the platform.
Do you really think cloud-based antivirus sandboxing and emulation will stop a motivated, well-funded malware writer or group? There are multiple ways a designer can trick such a system into letting a file pass through its defenses. The malware designer will probably probe the system first, sending remote access tool (RAT) samples that are meant to be sacrificed: which ones get caught, and how quickly, tells the attacker what the security measures look for. Once the detection logic has been mapped, the real payload can be built to bypass it, and the attacker is free to explore.
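One concrete way a probed sandbox gets tricked is simpler than any exploit: the sample checks whether it is running inside an analysis environment and, if so, stays benign, so the sandbox verdict is "clean". The block below is an added example, not code from the original post or from Bitdefender. It implements a handful of well-known sandbox heuristics (CPU and RAM size, uptime, user history, analysis tooling, telltale hostnames) and shows the same logic read from the defender's side: every heuristic that fires on your sandbox is something to fix so the sandbox looks like a real workstation. The thresholds, process names, and the three host snapshots are constructed for illustration and are not measurements of any product.

```python
"""Sandbox-awareness heuristics of the kind a targeted sample uses to decide
whether to detonate, plus the mirror-image hardening check for a defender.

Added example; not from the original post. All thresholds, process names and
the HostFacts snapshots below are constructed assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class HostFacts:
    """Facts a sample can gather cheaply and without privileges."""
    cpu_count: int
    ram_mb: int
    uptime_seconds: int
    hostname: str
    processes: List[str] = field(default_factory=list)
    recent_documents: int = 0      # e.g. entries in the user's recent-files list


# Process names commonly associated with analysis tooling (illustrative list,
# assumed for this example; a real sample would carry a much longer one).
ANALYSIS_PROCESSES = {
    "wireshark.exe", "procmon.exe", "vboxservice.exe",
    "vmtoolsd.exe", "ollydbg.exe", "x64dbg.exe",
}


def sandbox_indicators(h: HostFacts) -> List[str]:
    """Return the heuristics that fire; an empty list looks like a real user's machine."""
    hits = []
    if h.cpu_count < 2:
        hits.append("single cpu")                 # analysis VMs are often minimally sized
    if h.ram_mb < 2048:
        hits.append("low ram")
    if h.uptime_seconds < 10 * 60:
        hits.append("fresh boot")                 # VM reverted and booted just for this sample
    if h.recent_documents == 0:
        hits.append("no user history")            # nobody has ever opened a document here
    if any(p.lower() in ANALYSIS_PROCESSES for p in h.processes):
        hits.append("analysis tooling running")
    if h.hostname.lower().startswith(("sandbox", "malware", "analysis")):
        hits.append("telltale hostname")
    return hits


def should_detonate(h: HostFacts, max_hits: int = 1) -> bool:
    """A sample tuned against a probed sandbox stays benign once too many heuristics fire.

    max_hits is the attacker's tolerance: one false indicator on a real host is
    common (a freshly rebooted laptop), so a single hit is allowed through.
    """
    return len(sandbox_indicators(h)) <= max_hits


def hardening_report(h: HostFacts) -> str:
    """Defender view: list what a sample would notice about this sandbox."""
    hits = sandbox_indicators(h)
    if not hits:
        return "sandbox is indistinguishable from a workstation by these checks"
    return "fix before trusting verdicts: " + ", ".join(hits)


# Constructed snapshots (not real hosts).
SANDBOX = HostFacts(cpu_count=1, ram_mb=1024, uptime_seconds=90,
                    hostname="SANDBOX-01",
                    processes=["explorer.exe", "vboxservice.exe"],
                    recent_documents=0)

WORKSTATION = HostFacts(cpu_count=4, ram_mb=8192, uptime_seconds=5 * 24 * 3600,
                        hostname="FIN-LT-0427",
                        processes=["explorer.exe", "outlook.exe", "excel.exe"],
                        recent_documents=37)

# The same sandbox after hardening: sized like a laptop, pre-warmed, seeded
# with user history, given a plausible name, and the guest agent hidden.
HARDENED_SANDBOX = HostFacts(cpu_count=4, ram_mb=8192, uptime_seconds=3 * 24 * 3600,
                             hostname="FIN-LT-0428",
                             processes=["explorer.exe", "outlook.exe"],
                             recent_documents=12)


if __name__ == "__main__":
    for name, host in (("sandbox", SANDBOX), ("workstation", WORKSTATION),
                       ("hardened sandbox", HARDENED_SANDBOX)):
        print(f"{name:17s} detonate={should_detonate(host)!s:5s} {hardening_report(host)}")
```

Run the block and the unhardened sandbox reports six indicators and a "do not detonate" decision, so the file would be declared clean, while the real workstation and the hardened sandbox both trigger the payload. The lesson for the defender is the one the paragraph above makes: a sandbox the attacker has already probed is only useful if it is indistinguishable from the hosts it protects.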
Let's stop with the headlines claiming that a product will stop APTs. It is just nonsense that confuses the general population while stimulating fear, uncertainty, and doubt in the average user.
Dan Lowe, an OEM Senior Marketing Manager, has been working with Bitdefender for the last 3 ½ years. His familiarity with multiple security products, from firewalls to antivirus, has given him a unique perspective on the security industry.