For the average computer user, the notion of an advanced persistent threat (APT) is not something one usually has to think about. Traditionally, APTs have been largely a problem for government agencies or major businesses, which are the targets of criminal organizations (or other governments) that have the means and ability to effectively target a single entity over and over again.
APTs are not your average computer virus. They aren’t viruses attached to emails or malware embedded into the code of a website in the hope that random users will download it and expose some useful information. These are specific, targeted reconnaissance missions and attacks designed to accomplish a particular goal and access valuable and sensitive information from a major entity.
However, while APTs were once limited to high-level targets, thanks to the proliferation of mobile devices and the shift to the bring-your-own-device environment within large organizations, criminals have started attacking lower-level targets as a means of accessing networks and sensitive data from larger targets. This means that protecting mobile devices has taken on a new urgency among IT departments, and many have made mobile security a top priority.
How an APT Takes Place
APTs don’t generally come from your average hacker, and the attackers behind them are generally looking for a very specific piece of information. These attacks do not happen overnight, either. Most of the time, the target does not even realize that he is being watched, and many times the breach itself goes unnoticed as well.
For example, say a criminal has been hired to find information about a major deal that an organization is working on. For several weeks, he monitors the organization, determining who the players are and how the organization operates. He might target a few lower-level employees, perhaps via social media, making connections and creating a path into the organization. When the time is right, he will make his move, perhaps via malware, get the information he wants and slip away without being detected.
Or perhaps the criminal gains access to a user’s account via a weak password. Once he logs in to the network remotely, he uses sophisticated malware to gain more privileges and access to additional levels of data, or to compromise additional devices. He then bides his time, waiting until he finds the sensitive data he needs, and again slips away without notice, thanks to a weak security plan.
The Role of Mobile Devices
Mobile devices, especially those used for work, add a new dimension to the APT landscape. Attackers target mobile devices via connections on social media or apps, using malware to gain access to company networks. Once they have gained access, they often remove the malware from the device with the user none the wiser.
In some cases, the APT is not designed to gain access to the network but targeted toward a specific person. For example, high-level officials, celebrities and CEOs might be victims of APTs. The criminal accesses the person’s mobile device and gets the information he needs — perhaps a sensitive email — and then uses that information for blackmail or other purposes.
Protecting Mobile Devices
Battling APTs is something all IT departments need to be concerned with. You might think that because you’re a small business, your data is not important to hackers, but rest assured, your data is valuable to someone.
That means you need to invest in a multilayered security solution that protects your network from attacks: antivirus protection, firewalls, intrusion protection and detection, Web reputation management, and a complete mobile device management program. Mobile devices that are used to access corporate networks need to be protected with the same tools used for computers. The mobile device policy should also govern which apps can be used on company devices; since apps are often the entry point for malware or hackers, users should know which apps are acceptable and which should be avoided.
Successfully protecting your organization from APTs requires putting yourself in a criminal’s shoes, and determining the most likely areas for attack. Certainly, major databases are worth protecting, but what about endpoints like user workstations or mobile devices? Understanding your vulnerability to APTs and taking adequate steps to protect yourself will prevent a significant data loss — and the loss of time and money when an attack occurs.
About the Author: Fiona McArdle is an Internet security expert and IT manager who recommends threat protection by Smart Protection Network for businesses of all sizes. She writes about security issues for several websites.