Government Contractors and APTs
September 15, 2015
The last several months have seen an increase in reported breaches of government and related networks. The University of Virginia network was recently breached by Chinese hackers, mainly, it is thought, because of the university's connections to DoD, Intelligence, and other government contractors, programs, and facilities.
Government contractors seem especially vulnerable these days, particularly to APTs, so let’s take a look at this threat with fresh eyes.
The ABCs of APTs
A. Advanced analysis of seemingly disparate data over time creates a fairly distinct picture of user habits and preferences. Just as marketing professionals (aka algorithms) can use this picture to predict your next shoe purchase, hackers use the data to get to know you. The more sophisticated of these call it target development, and they choose specific targets within organizations. Before you declare your organization immune to this, consider the most useful tool in their toolbox: Google.
P. Persistent attacks on your network are often invisible. Patient hackers use social engineering techniques to worm their way in the door to better understand your key vulnerabilities. Teams of specialists join forces to exploit opportunities they identify, spearphishing selected personnel or deploying RATs to quietly control your network from a distance.
T. Threats to the confidentiality, integrity, and availability of your network and data are fully realized when you, as a target, are “pwned” or owned. The team of covert operatives then begins to extract selected files and data before making a clean exit, usually without their presence ever being detected.
Advanced Persistent Threats are extremely difficult to identify and even more difficult to mitigate. They pose a significant danger because the attackers are heavily invested in a profitable outcome, taking extra precautions to remain undetected and preserving their ability to fight another day.
Cybersecurity Now Easy and Cheap!
Contrary to the SEO-optimized headline above, there are no easy solutions to APTs. ICS can be a vital part of your defense with services like vulnerability assessment and penetration testing, and prevention is a lot easier and dramatically less expensive than recovery. If you like the sound of that math, you should really hear the rest of the story.