An advanced targeted cyberattack on your business can prove devastating to your finances, trade secrets and overall security. How do these advanced targeted attacks, also known as “APTs” or “advanced persistent threats,” differ from the typical hacking or malware scheme, and why should your business worry about them? To begin with, businesspeople who educate themselves on APTs are in a better position to defend themselves against these malicious cybercrimes.
Identifying the Attackers
The first difference between an APT and a typical cyberattack is the people behind the attacks. With APTs, they’re a team, perhaps an entire organization of people devoted to cybercrime that actually has funds to put their hackers on payroll. They may have done this to other businesses before, and made off with confidential and important information. They may be involved with rival businesses, or more likely, they’re simply in the business of stealing funds and selling classified information. They could be based in another country, which grants them an extra layer of anonymity.
A better strategy than finding out exactly who these people are is focusing on stopping them, no matter who they are, from getting into your business’ system.
How They’re Attacking
The second characteristic of an APT that they don’t always share with a typical cyberattack is stealth. The typical hacker might “slash and burn;” in other words, make their presence known. They get what they can and wreak havoc, sometimes for no reason other than to cause IT headaches. APT hackers are there to get something, though, and they don’t want to be noticed. They’re not going to install computer-crashing viruses, and they’re not going to make huge changes to your system. They’re going to sneak in through vulnerabilities in your network and do everything to mask their presence.
APT doesn’t always leave a digital trace, either. Instead of searching for evidence of an APT attack, it’s wiser to focus on closing the holes in your security system and shutting down any backdoor entry.
How They Get In
Because APT hackers are so focused on stealth, their methods of entry are understandably stealthy, too. They’re not going to attach themselves to computer-crashing viruses, but they may find entry through unnoticed spyware. Educate employees on avoiding these common methods of APT entry:
- Phishing attempts: Gaining important information, such as login IDs and passwords, under the guise of a trusted source.
- Drive-by downloads: Employees may know not to download suspect files, but drive-by-downloads attach to a system simply by visiting a suspect website, via methods such as a pop-up ad or fake program upgrades.
- SQL injection: This is one for your IT consultants. Vulnerability in layers of code within applications as well as websites can open these sites and programs up to stealthy attacks.
What They’re After
APT hackers are in the business of making money; what they steal has to lead to some financial gain. Governmental contractors, for example, have been the target of APTs because their confidential defense-related files are worth a lot on the black market. At your business, APT hackers could be after:
- Payroll and banking information: Any kind of account numbers and confirmation with which they can steal small amounts of funds you may not immediately notice missing over a period of time.
- Confidential information about upcoming projects, products or services in development, to be sold to rival businesses or exposed online.
- Passwords and other login codes that will aid in their future attacks.
APTs may just go after one of these, or they may target all over a period of time. Pay close attention to keeping these pieces of information safe when you upgrade your network security. It may also help to ask employees to avoid downloading sensitive data from the virtual private network to their personal devices, or to immediately delete the data after they have finished their work.
Another characteristic of the APT is that it goes on a longer duration of time. One way the hackers maintain their stealth is to steal in small doses. They’re businesses, albeit illegal ones. They have the patience to launch long-term and full-scale attacks on your system, until they get what it is that they want.
Work to close holes in network security immediately and you may be able to stop an APT, even if it’s already in progress. Other strategies include shuffling passwords and asking employees to log off of business networks whenever they’re done.