president and CIO, Foreground Security
APTs are real and dangerous. To understand why, let’s break down the terms used:
Advanced. These intrusions are carefully plotted, systemic operations conducted by sophisticated and motivated groups. This includes specially designed code that has never been seen before.
Persistent. Not only are attacks persistent, but after entry, an APT by nature will not be identified, and will create several methods of maintaining that control/access.
Threat. The APT knows what it wants – something of high value to the victim – and goes right after it. Verizon’s “2011 Data Breach Investigations Report” indicated that there were four million stolen records in 2010, and nearly one of 10 breaches amounted to combined efforts from external attackers and an insider.
That kind of “collaboration” sets the table for an intrusion that is advanced, persistent and very much a threat. Organizations that ignore this will leave themselves open for the resulting consequences.
No, the majority of threats that been labeled recently as APTs are not significant threats, but simply mass malware (usually botnets). Industry statistics peg about six percent of all PCs in the enterprise and 25 percent at the consumer level as infected with botnet-type mass malware. Bot masters gain remote-control capabilities, allowing them to command PCs to search hard drives for information, intercept keystrokes to access online accounts, send spam and participate in DDoS attacks. The malware is typically installed through well-known vulnerabilities in browsers and browser plug-ins, such as Java, Adobe Reader and Flash.
Prevention is simple: Patch the OS and applications, configure them for maximum robustness, uninstall Java or restrict its use to select sites, and run the PC as a normal user without administrator privileges. Once these measures are implemented, the infection rate will drop – allowing users to focus on real APTs, which previously were next-to-impossible to detect.