Advanced persistent threats (APTs) have been around for decades. However, these targeted attacks are on the rise, and becoming more threatening than ever before.
“What makes today’s APTs unique and frightening are the sophistication of the malware, the vectors they’re choosing for attack and the perseverance with which they’re going after their targets,” said a Fortinet report titled “Threats on the Horizon: the Rise of the APT” released last month.
We sat down with Richard Henderson, security strategist for Fortinet’s FortiGuard Threat Research and Response Labs to learn more. In terms of strategic shifts, cyber criminals are making their APTs more targeted by focusing on one or two specific individuals, rather than taking a broad-brush approach that targets many individuals across multiple organizations.
“It’s easier to focus more effort and energy on learning everything you can about one or two people,” said Henderson. “Using that information, it’s simple to create a specifically crafted email, send it to the target and copy their boss and the boss’ boss. Nine times out of ten, they’ll fall for it.”
The narrower focus and audience of these spoofed emails also makes them harder for IT security systems to pick up on, he added. In addition, hackers continue to focus on less sophisticated audiences, such as people in human resources, marketing, and sales. These individuals get huge amounts of emails, and are less likely to spot phishing email than, for example, the IT department.
Despite the well-honed focus of the average ATP, these attacks are plentiful. In the first half of 2013 alone, Fortigard customers experienced 142 million unsuccessful hacking attempts. “The number of attempts is staggering,” said Henderson. “You could quintuple that figure and it still wouldn’t be accurate for the total.”
To successfully fight APTs, organizations need to get back to basics, said Henderson. First and foremost, keeping IT systems, both at the server and the client level, patched and up to date is critical — and often neglected. Many organizations are rightly concerned that new releases offered by software vendors may inhibit their infrastructure.
The second prong of a successful anti-APT strategy is in user education. “Companies are not doing a good job of educating users on how to remain safe on the corporate network,” said Henderson. “More people need to be skeptical. Teach employees that every email is suspect until proven otherwise.”
Users must also be trained and reminded of the potential security implications of bringing their work devices home or connecting personal devices to the corporate network, he added.
Take a look at the infographic below, for more data on the current state of APTs.
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
