Ask industry players to define APT and you'll likely get several views. Add to this the still-lingering marketing hype touting solutions' capabilities to directly address APTs, and the resulting confusion among many security practitioners is quite understandable. So, how do these attacks differ from others infiltrating your networks? What are the goals of those spearheading these types of attacks, and how do their methods differ from more traditional infrastructure assaults? This session explores these questions and provides some strategies to defend against these attacks.
While McAfee's recently released "Shady RAT" report concentrated on the victims of a mass cyberespionage ring, another researcher has decided to focus his attention on the adversaries behind such attacks. In a video recorded last week at the Black Hat conference in Las Vegas, Joe Stewart of Dell SecureWorks explains how he was able to trace 60 families of custom malware thanks to error messages yielded by a "connection bouncer" tool used by the hackers to hide their tracks, but which inadvertently pointed back to about a dozen command-and-control centers hosted by ISPs in China. Two of the malware families are known to have been used in the RSA SecurID breach. "It gives you a better line on attribution," Stewart told SCMagazineUS.com.
The Advanced Persistent Threat (APT) is a sophisticated and organized cyber attack to access and steal information from compromised computers. The intruders responsible for the APT attacks target the Defense Industrial Base, financial industry, manufacturing industry, and research industry. The attacks used by the APT intruders are not very different from those of any other intruder. The main differentiator is the APT intruder's perseverance and resources. They have malicious code (malware) that circumvents common safeguards such as anti-virus, and they escalate their tools and techniques as a victim's capability to respond improves. MANDIANT will discuss how they assist organizations in addressing the APT.