The Age of the APT

Cyber events of recent weeks have made governments, network security vendors and just about everyone else feel the heat of advanced persistent threats. — by Shannon Ragan

Cyber news has kicked up a notch. From spyware exploiting not one . . . not two . . . but three zero-days in Apple’s iOS, to the discovery of Project Sauron after it lay undetected for five years, to the flurry of accusations of Russian interference in the US election, cyber events of recent weeks have reached a new level of severity.

And they all have one thing in common: advanced persistent threats.

While the presence of APTs is nothing new, their scope is. Whether it’s record-breaking cyber thefts, meddling in foreign elections or attacks on critical infrastructure, the grip of APTs is being felt more severely.

State Election Database Breaches

On August 29, Yahoo News reported on an FBI alert that warned state election boards to be vigilant against potential signs of cyberattacks. The alert was spurred by the revelation that Illinois and Arizona election databases were penetrated by hackers who made off with hundreds of thousands of voter records.

Homeland Security Secretary Jeh Johnson was quick to point out that these attacks and the subsequent breaches are no grounds to doubt the integrity of the electoral system and its cyber components. But in an already bizarre and high-stakes election cycle, in which a major party nominee has even called openly for Russia to hack his opponent’s emails, this isn’t going down easy. As Thomas Rid, cybersecurity-focused professor at King’s College London, told WIRED, “In the context of all the other attempts to interfere with this election, it’s a big deal.”

Suspicion for the source of the Illinois and Arizona attacks has landed squarely on Russia, largely because of the spate of recent attacks on the DNC and the Clinton campaign. Those hacks on the Democrats have been attributed to CozyBear and FancyBear, APTs with purported links to Russian intelligence.

CozyBear and FancyBear have also been linked to cyberattacks on Ukrainian election software aimed to “destroy the confidence of the vote, to the benefit of pro-Russian forces,” according to the Washington Post. Russia is also suspected of interfering in elections in Latvia, Greece, Italy and France.

NSA Zero-Days

It seems even an accusation doesn’t go unpunished. The leaked exploits for Cisco and Fortinet zero-day vulnerabilities, believed to have been held by the NSA, are also suspected to have come from Russia. In a Twitter message, NSA whistleblower Edward Snowden read the leak as a shot across the bow of the US government, warning it off any idea of imposing sanctions on Russia in response to the cyberattacks on the Democratic Party.

But let’s turn our eyes away from Russia for a minute, and back to the NSA. The leak in itself should be particularly embarrassing to the intelligence agency. Amid the condemnation of foreign cyber interference in democratic elections and urging from Congress to make cybersecurity a top concern at the upcoming G20 Summit, the US government has been caught with its proverbial pants down. And nothing undermines its calls for intelligence sharing like withholding zero-day information from the vendors who could have patched the flaws. Worse, once a stockpiled exploit leaks, every unpatched system it targets is exposed to anyone who downloads it, not just to the agency that hoarded it. The message to the cybersecurity industry, the private sector and the citizenry at large is once again: the enemy isn’t just at the gate — he’s in the foxhole with you.

Be Your Own Worst Nightmare

Don’t reach for the tinfoil hat just yet. One of the best ways to protect against advanced attacks is to simulate them in your own environment. With a comprehensive model of your attack surface (hosts, the vulnerabilities on them, and the network paths and access rules that connect them), you can simulate multi-step attacks from any threat origin, through any known vulnerability or security weakness in the IT infrastructure, to any target.

These attack simulations give you contextual intelligence about how your own network would fare in a real attack, so you can proactively fix the exposures that matter and tighten network segmentation to limit lateral movement if attackers breach your perimeter.
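To make the idea concrete, here is a small attack-path simulation written as an added example for this post. It is not Skybox’s product code, and every host, zone, firewall rule and vulnerability identifier in it is constructed. The model captures the three ingredients above (hosts with exposed services, a zone-based access policy, and which services carry an unpatched flaw) and breadth-first searches for the shortest chain of compromises from a threat origin to a target. It then shows the two remediation levers a simulation lets you compare before touching production: removing an over-permissive rule, and patching.

```python
"""Toy attack-path simulation over a network model.

Added example, not Skybox Security's product code. All hosts, zones, rules
and vulnerability ids below are constructed/hypothetical.
"""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# A firewall rule allows traffic from a source zone to a destination zone
# on a destination port.
Rule = Tuple[str, str, int]
# One attack step: (host compromised, port used, vulnerability exploited).
Hop = Tuple[str, int, str]


@dataclass
class Host:
    name: str
    zone: str
    # port -> id of an exploitable vulnerability on that service, or None
    # when the service is exposed but patched (reachable, not exploitable).
    exposed: Dict[int, Optional[str]]


class NetworkModel:
    def __init__(self, hosts: List[Host], rules: List[Rule]):
        self.hosts: Dict[str, Host] = {h.name: h for h in hosts}
        self.rules: Set[Rule] = set(rules)

    def exploitable_from(self, src_zone: str):
        """Hosts a foothold in src_zone can compromise in a single step:
        the service must be allowed by policy AND carry an unpatched flaw."""
        for h in self.hosts.values():
            for port, vuln in h.exposed.items():
                if vuln is not None and (src_zone, h.zone, port) in self.rules:
                    yield h, port, vuln

    def attack_path(self, origin_zone: str, target: str) -> Optional[List[Hop]]:
        """Shortest chain of compromises from origin_zone to the target host,
        or None if the target is unreachable through known weaknesses."""
        queue = deque([(origin_zone, [])])  # (zone attacker sits in, hops so far)
        seen: Set[str] = set()
        while queue:
            zone, path = queue.popleft()
            for h, port, vuln in self.exploitable_from(zone):
                if h.name in seen:
                    continue
                seen.add(h.name)
                hop: Hop = (h.name, port, vuln)
                if h.name == target:
                    return path + [hop]
                # A compromised host becomes a new source: the attacker now
                # has whatever reach its zone is granted by the policy.
                queue.append((h.zone, path + [hop]))
        return None

    # Remediation levers to compare in the model before touching production.
    def remove_rule(self, rule: Rule) -> None:
        self.rules.discard(rule)

    def patch(self, host: str, port: int) -> None:
        self.hosts[host].exposed[port] = None


def build_example_model() -> NetworkModel:
    """Constructed sample environment (hypothetical names and vuln ids)."""
    hosts = [
        Host("web", "dmz", {443: "VULN-web-rce"}),
        Host("app", "app", {8080: "VULN-app-deserialization"}),
        Host("db", "data", {3306: "VULN-db-auth-bypass"}),
        Host("jump", "mgmt", {22: None}),  # exposed but fully patched
    ]
    rules = [
        ("internet", "dmz", 443),
        ("dmz", "app", 8080),
        ("app", "data", 3306),
        ("mgmt", "data", 3306),
        ("dmz", "data", 3306),  # over-permissive: DMZ may talk straight to the DB
    ]
    return NetworkModel(hosts, rules)


def hosts_on_path(path: Optional[List[Hop]]) -> Optional[List[str]]:
    """Just the host names along a path, for easy reading/comparison."""
    return None if path is None else [host for host, _, _ in path]


if __name__ == "__main__":
    m = build_example_model()
    print("as-is:           ", m.attack_path("internet", "db"))
    m.remove_rule(("dmz", "data", 3306))
    print("after segmenting:", m.attack_path("internet", "db"))
    m.patch("app", 8080)
    print("after patching:  ", m.attack_path("internet", "db"))
```

Run as-is, the search finds a two-hop path (web, then straight to db) because the flat DMZ-to-data rule bypasses the app tier. Removing that rule lengthens the path to three hops through the app server; patching the app server’s flaw leaves no path from the internet at all, while a foothold in the management zone can still reach the database. That ordering of findings is exactly the prioritisation the prose above is after: the exposure worth fixing first is the one that shortens an attacker’s route, not necessarily the one with the highest CVSS score.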

You need to know your network better than the attackers do. Total visibility and contextual intelligence give you that power in the age of the APT.

Resources

See why government-sponsored hacking could be crumbling the internet as we know it.

Treat your network like a hacker would, in the comfort and security of an automatically updated network model. Attack simulations give you unparalleled insight into the resiliency of your network in the case of an attack. Improve your defenses now! Unless you’re feeling lucky … punk.

Learn how Indicators of Exposure help signal the critical security weaknesses most likely to be used against you in a cyberattack.


Originally published at blog.skyboxsecurity.com on September 1, 2016.
