All You Need to Know About APTs

November 18, 2013

Nowadays, we talk a lot about malware that invades our daily activities. Some are more dangerous than others, whether they target private users or companies. Organizations are also threatened by attacks on their intellectual property, which is a key asset of any business. Advanced persistent threats (APTs) are amongst the most dangerous that exist in the computing world. During the RSA Conference 2013, held in Amsterdam, we met with Neil Thacker, Security Strategist at Websense, Jaime Blasco, Director of AlienVault Labs, and Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab. With their help, we unraveled the characteristics of these attacks and the ways organizations and individuals can protect themselves against them.


Advanced Persistent Threats — quite an intimidating name, isn’t it? “Advanced” because the tools used in these attacks are more sophisticated than those usually used by cybercriminals. “Persistent” because once a foothold is established in an organization, it can last for months or, in certain cases, even for years. These attacks mainly target companies. Nevertheless, home users are not safe either — you may not be an interesting target yourself, but you might still be useful to cybercriminals as a stepping stone towards a friend or family member who holds an important position in a company. The damage caused by these attacks is far greater than the damage caused by ordinary malware — as Neil Thacker explained to us, “they use different vectors, different types of exploits, different types of vulnerabilities to access companies’ sensitive data”. However, you may be wondering, what do cybercriminals actually target with this type of attack?

Intellectual property, a major target

Most companies store their important data within their networks. Patents, innovative designs, models and even sensitive or confidential data — everything is stored there. The main target of APTs is intellectual property. Criminals identify an employee who has access to sensitive data — preferably someone who is not aware of these security issues — in order to infiltrate the network and collect all the data stored on his or her computer. “If you have this kind of data within your company, you should be aware of these types of threats and put in place all the necessary means that exist nowadays to protect these intellectual properties,” Jaime Blasco warned. But criminals can go beyond espionage; they can cause serious damage and paralyze the entire functioning of the targeted company, as Costin Raiu, Director of Research at Kaspersky Lab, explains: “We had cases where these attacks caused direct damage to the activities of the company. For instance, the attack against Saudi Aramco, an oil company: 30,000 computers were paralyzed in a targeted attack in August last year. So yes, intellectual property is the most frequent target, but the paralysis of an entire network and therefore of all the activities of a company can also be an objective or consequence”. Now that we’ve established this fact, you are probably wondering how, and with what tools, companies can protect themselves from these attacks.

No silver bullet, but some means to fight back

The first thing to know is that, as our three experts explained, there’s no “silver bullet” solution. Nevertheless, each of them gave us some advice in order to minimize the risks as much as possible.


There’s no magic recipe, but some behaviors and processes should be implemented, according to Jaime Blasco: “You obviously need certain technologies to protect yourself from these threats, but for me, the solution is a combination of processes, technologies and human actions. Prevention and education are the most important factors.” Costin Raiu added that “studying the victims of APTs is also very useful. In doing so, we notice that 95% of these attacks target companies with security standards that are not strict enough. They don’t know the risks or the practices in terms of security, they don’t install the latest patches, nor do they use antivirus software. And they get compromised. First of all, companies need to make sure they have the latest patches, the latest operating system and that they use a safe browser [such as Chrome or Firefox] with the latest patches installed. We also need to educate users. If you manage to gather all these ingredients, you will be better protected against targeted attacks.” As far as Neil Thacker is concerned, “it is also essential to educate certain employees.” This education must be given at all levels of the organization. Don’t underestimate cybercriminals: if you know about the risks and have taken all the necessary precautions, they won’t hesitate to target some of your less cautious partners and use them to reach you.

To conclude, it is safe to say that targeted attacks, or APTs, will keep on existing and expanding as long as companies hold attractive data. There’s no miracle solution, but prevention and education within companies seem to be the first step towards increased security. Always keep in mind that 100% safety does not yet exist; therefore, you should always remain vigilant.