Wednesday, 12 December 2012

How Hackers Attack Through APT Entry Points


As business communications and data sharing become more sophisticated, so do attacks on sensitive data. APTs (Advanced Persistent Threats) are part of the new wave of data hacking techniques. Not only are these attacks more frequent and persistent, but APTs often evade corporate security monitoring systems by coming in through email, PDF files, familiar software and other trusted communications and business tools. It is less costly to block APT entry points than to extricate the threat once it is inside your system. To secure your system, you must understand how hackers attack through APT entry points.

Types of Entry Points:

Hackers use different types of entry points depending on the security system. Email is still the most common APT attack point. Email can give a hacker access to your data when an employee opens an attachment, such as a PDF file or a Microsoft Word document, or clicks a link. Once the attachment or link is active, malware is downloaded to help the hacker infiltrate your system and obtain the desired data. Also, with the increase in mobile device usage through both corporate-issued technology and BYOD/BYOC programs, instant messaging, mobile email applications, social media freeware, social networking programs and other communications apps are increasingly used as APT entry points. Less widely recognised entry points include the exploitation of vulnerabilities in popular software programs. The most widely used programs, such as the Microsoft Office suite and Adobe products, are the most frequently exploited.
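The attachment-based entry points described above (executables, Office documents and PDFs) are the kind of thing a mail gateway can screen before a user ever sees them. The following is an added example written for this page, not code from the original post or from any vendor product: a small attachment screener that checks the file type claimed by the extension against the actual content, looks inside Office OOXML containers for a VBA macro part (Office stores macros in a `vbaProject.bin` entry), and flags PDFs that carry JavaScript or Launch actions. The extension lists, risk levels and the in-memory sample documents are constructed for the example.

```python
import io
import zipfile
from dataclasses import dataclass

# Constructed for this example: extensions that execute directly when opened.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "hta", "ps1", "jar"}
# Office Open XML document types (macro-free and macro-enabled variants).
OOXML_EXTS = {"docx", "docm", "xlsx", "xlsm", "pptx", "pptm", "dotm", "xltm"}


@dataclass
class Verdict:
    filename: str
    risk: str      # "low", "medium" or "high"
    reason: str


def ooxml_has_macro(data: bytes) -> bool:
    """OOXML files are zip archives; VBA code lives in a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def screen_attachment(filename: str, data: bytes) -> Verdict:
    """Return a risk verdict for one attachment, judged by its final extension and content."""
    parts = [p.lower() for p in filename.split(".")[1:]]
    if not parts:
        return Verdict(filename, "medium", "no file extension")
    ext = parts[-1]   # only the last extension decides how the OS opens the file

    if ext in EXECUTABLE_EXTS:
        return Verdict(filename, "high", f"executable attachment type .{ext}")

    if ext in OOXML_EXTS:
        if not data.startswith(b"PK"):
            return Verdict(filename, "medium", "claims to be an Office document but is not an OOXML archive")
        if ooxml_has_macro(data):
            # Flags .docm as well as a .docx that smuggles a macro part.
            return Verdict(filename, "high", "Office document contains a VBA macro project")
        return Verdict(filename, "low", "macro-free Office document")

    if ext == "pdf":
        if not data.startswith(b"%PDF"):
            return Verdict(filename, "medium", "claims to be a PDF but has no PDF header")
        if b"/JavaScript" in data or b"/Launch" in data:
            return Verdict(filename, "high", "PDF carries JavaScript or a Launch action")
        return Verdict(filename, "low", "PDF without active content")

    return Verdict(filename, "low", "no screening rule matched")


def make_ooxml(with_macro: bool) -> bytes:
    """Build a minimal constructed OOXML container in memory for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed-macro-part")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("invoice.pdf.exe", b"MZ"),
        ("report.docm", make_ooxml(True)),
        ("report.docx", make_ooxml(False)),
        ("brochure.pdf", b"%PDF-1.4\n1 0 obj << /OpenAction << /S /JavaScript >> >>"),
        ("minutes.pdf", b"%PDF-1.4\n1 0 obj << /Type /Catalog >>"),
    ]
    for name, content in samples:
        v = screen_attachment(name, content)
        print(f"{v.filename:20} {v.risk:6} {v.reason}")
```

The PDF check is a plain substring match and is meant to show the principle rather than replace a real parser: PDF name tokens can be hex-escaped and stream contents compressed, so production gateways decode the file before matching. The useful design point is that the verdict is driven by the content (zip entries, file headers) and not only by the name the sender chose.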

Six Steps to APT Entry:

While variations are possible, most APT attacks follow six steps (this graphic offers more information).
  1. Gathering Intelligence: It is rare to detect an APT attack during this phase. The hacker performs external research to gain information and choose attack targets. Often free, open source portals such as social networking sites are used for research.
  2. Point of Entry Execution: The malware is delivered through email, instant messenger, file download or software exploitation. Occasionally, the hacker uses a less traditional means of delivering malware via a direct hack of the server or website.
  3. C&C (Command and Control): The hacker communicates with the installed malware to control it and direct the search for data.
  4. Enhance Control: Once inside, the hacker can compromise additional computers and devices by moving laterally outward from the point of entry.
  5. Data Identification: The purpose of gaining entry through an APT point is to locate the desired data. In step five, the hacker employs different techniques to pinpoint the data's location.
  6. Data Harvesting: The data are identified, harvested and extracted. The hacker typically uses techniques such as encryption to disguise the data being transmitted to external servers that the hacker controls.
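Steps 3 and 6 above both leave traces in outbound network logs: a command-and-control channel tends to check in at a regular interval, and data harvesting pushes an unusually large volume of bytes toward a single external host. The following is an added example written for this page, not code from the original post or from any product it mentions. It parses a constructed proxy log format (`timestamp src=... dst=... bytes_out=...`) and applies two simple detections: regular-interval connections between one internal host and one external host (beaconing), and total outbound bytes per source/destination pair above a threshold (possible exfiltration). The log lines, the field names and the thresholds are all assumptions made for the example.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example; real proxy logs vary by vendor.
LOG_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) bytes_out=(\d+)$")


def parse_logs(lines):
    """Turn log lines into (timestamp, src, dst, bytes_out) tuples; skip malformed lines."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return events


def find_beacons(events, min_hits=6, max_jitter=0.2):
    """Flag src/dst pairs whose connection intervals are nearly constant (C&C check-ins).

    Jitter is measured as the coefficient of variation of the gaps between
    connections; human browsing is bursty and scores far above max_jitter.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)
    beacons = []
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            beacons.append((pair, round(mean), round(jitter, 3)))
    return beacons


def find_exfil(events, byte_threshold):
    """Flag src/dst pairs whose summed outbound bytes reach the threshold."""
    totals = defaultdict(int)
    for _, src, dst, sent in events:
        totals[(src, dst)] += sent
    return [(pair, total) for pair, total in totals.items() if total >= byte_threshold]


def build_sample_log():
    """Constructed sample: one beacon, one normal browsing pattern, one bulk upload."""
    start = datetime(2012, 12, 12, 9, 0, 0)
    lines = []
    # Beacon: 10.0.0.5 contacts 203.0.113.10 exactly every 300 s, tiny payloads.
    for k in range(8):
        ts = (start + timedelta(seconds=300 * k)).isoformat()
        lines.append(f"{ts} src=10.0.0.5 dst=203.0.113.10 bytes_out=512")
    # Normal browsing: irregular gaps from 10.0.0.7 to 198.51.100.20.
    for offset in (0, 73, 460, 482, 1815, 1860):
        ts = (start + timedelta(seconds=offset)).isoformat()
        lines.append(f"{ts} src=10.0.0.7 dst=198.51.100.20 bytes_out=2048")
    # Bulk upload: three 50 MB transfers from 10.0.0.5 to 203.0.113.44.
    for k in range(3):
        ts = (start + timedelta(minutes=40 + k)).isoformat()
        lines.append(f"{ts} src=10.0.0.5 dst=203.0.113.44 bytes_out=50000000")
    lines.append("garbage line that does not parse")
    return lines


SAMPLE_EVENTS = parse_logs(build_sample_log())

if __name__ == "__main__":
    for pair, interval, jitter in find_beacons(SAMPLE_EVENTS):
        print(f"beacon  {pair[0]} -> {pair[1]} every ~{interval}s (jitter {jitter})")
    for pair, total in find_exfil(SAMPLE_EVENTS, byte_threshold=100_000_000):
        print(f"exfil?  {pair[0]} -> {pair[1]} sent {total} bytes")
```

Both rules are deliberately simple so the logic is visible. In practice the byte threshold should be set per host relative to its usual baseline rather than as one global number, and the beacon rule should tolerate the small random sleep that real implants add, which is why the jitter allowance is a parameter rather than a demand for identical gaps.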

Guarding Against APT Threats:

APT threats are an advanced form of hack used to gain access to larger amounts of sensitive data. The process for guarding against APT threats is two-fold. First, identify your system’s vulnerabilities with a thorough IT risk management assessment. Examine how employees communicate, what controls or protections govern access to outside applications or web servers, whether BYOD/BYOC programs are used and how server access monitoring is done to find weak points. Be sure you have the latest versions of antivirus software and software suites installed, because the software’s updates often address known security threats.
Next, use the data collected from the risk management assessment to determine the level of threat your organization faces. Consider installing an enhanced network security product that includes specific controls to stop targeted attacks. You should choose a product that performs these four steps:
  1. Detect: The product should detect even “invisible” threats as well as common threats.
  2. Analyse: The product should instantly perform a full threat analysis to assess risk.
  3. Adapt: The product should act quickly to send alerts, in addition to blocking known and new risks.
  4. Respond: The product should deliver detailed information about each attack incident.
By understanding how hackers attack through APT entry points, it’s possible to threat-proof your infrastructure against security breaches.
About the Author: Judy Levine has spent her career in the government and corporate IT security sectors. Today, she is a lecturer on the technology conference circuit, helping IT managers implement Trend Micro software for better security. 
