Advanced Persistent Threats - Types of Associated Attacks
Published on 17 Mar 2014
by GOsafeonline
Advanced Persistent Threat – What is it?
Advanced persistent threat (APT) usually refers to a group with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, using a variety of intelligence gathering techniques to access sensitive information. Other recognized attack vectors include infected media, supply chain compromise, and social engineering.
Channels of Attack
While APT attacks are targeted at companies/ organisations, the channels of attacks are through individuals (i.e, you and me) associated with the targeted company/organization. The reason being the attacker would like to avoid detection and traceability.
To prevent ourselves from being used as a tool of attack, we need to understand how to prevent ourselves from falling victims to such attacks.
These attacks include:
- Social Engineering
How do the attackers know an individual is associated with their targeted company/organisation? This could be through posing as a friendly delegate and exchanging name cards at a seminar. The attacker could also harvest such information through social media websites where individuals have posted their association and employment information freely for view.
- Spear Phishing
Once the attackers have identified you as a potential ‘trusted connection’ to their target company/organisation, they will either send you or entice you with innocent looking information. You might receive an email (remember the name card you gave out card/the email address posted on your social media profile?) with attachment(s) containing information related to your field of work or interest. Or it could be hyperlinks to websites. Unknowingly to you, these attachments or hyperlinks could contain malware targeting zero-day exploits. They could also install backdoors and turn your machine into a command and control server for the attackers to proliferate from.
Avoid Being a Tool of Attack
Be wary of overly friendly delegates and beware of any removable storage devices received. Restrict your social media profile view and be selective of the information that you are posting online. Exercise caution on email, attachments and/or hyperlinks received from new associates or unknown parties. Exercise essential security best practices (Install firewall, ensure antivirus software definitions are updated, ensure OS and application software patches are updated).
If you suspect your computer has exploited as a command and control server, you can contact SingCERT (Singapore Computer Emergency Response Team) to report the incident and for further advice on what to do. SingCERT is the national CERT to facilitate the detection, resolution and prevention of security related incidents on the Internet.
SingCERT’s contact details:
- Hotline: (+65) 6323 5052
- Email: singcert@csa.gov.sg
- Website: https://www.csa.gov.sg/singcert
