Since the allegedly state-sponsored cyber-attack known as ‘Aurora’ in early 2010, much has been made of the so-called APT, the ‘advanced persistent threat’. Since then an increasing number of APTs have made the technical and mainstream media, including ‘Stuxnet’ in 2011 and more recently ‘Flame’, writes Mark Waghorne, head of KPMG’s I-4 Programme.


APT is a catchy acronym, but what does it really mean?

Persistent, targeted attacks are characterised by the covert penetration of an organisation’s systems by unauthorised individuals in order to exfiltrate (that is, transmit out of the organisation’s network by undetected means) information of political, military or economic value over a sustained period of time, typically so that the information can be used for competitive advantage. Initial attacks may be a precursor to later attacks on the same organisation, or used as a stepping stone to attack another organisation.

The majority of APT attacks are considered to originate from a very limited number of known territories and an attack of this type will have a number of traits, including:

– Ongoing in nature;
– A series of similar attacks with one or more attributes remaining constant;
– Not just malware;
– Will use a variety of methods to breach defences e.g. social engineering; and
– Specifically designed to remain undetected, i.e. ‘Slow and Low’.

Key to all of this is that the attack will be targeted and the attackers well organised, educated, tenacious and highly skilled – with the aim of exfiltration of valuable information.

Much of what we read is that these attacks have been targeted at defence suppliers and the oil and gas industry – that is, organisations with huge amounts of valuable intellectual property. So are these types of attack relevant to retail banking?

Yes, and four areas spring to mind. The first is the use of the same or similar techniques for straightforward financial crime. The second is to allow a competitor to gain some form of commercial advantage over another organisation by illicitly acquiring (for example) information about another’s financial standing, perhaps particularly during a merger, acquisition or other commercial transaction. The third may be from ‘simple’ activists using tools that were once the domain of the privileged few to cause public disruption to systems and embarrassment to the bank when those systems are driven offline. The fourth is that retail banks may also be targeted if they provide services to "dissidents", perhaps particularly to obtain information that reveals their location.

For a retail bank what might an attack of this type look like? As already mentioned, they are likely to have many facets, and include among other things:

– Social engineering and the targeting of individuals as a way onto the corporate network have been cited as the most successful routes used in an APT attack. As well as targeting an organisation’s executives with phishing-style social engineering attacks, a determined adversary may also target their executive assistants and perhaps, through their social media presence, their personal network.

– Further down the seniority chain, targeting individuals with privileged access to a retail bank’s IT systems may provide a route into the infrastructure.

– Finally, the bank’s information security mechanisms may all be in very good shape, but like other industry sectors retail banks rely on an extended supply chain that may be less robust and represent a path of least resistance.

What about defence? As is often the case, get the basics right: keep patching up to date, harden systems to remove unneeded services and avoid known weaknesses, keep privileged access to a minimum, and have robust anti-malware controls in place, not just those that rely on signatures. Education matters too: keeping everyone aware of the risks of phishing and social engineering can be a powerful defensive tool.

Should retail banks adopt a sense of panic? Of course not. Focus on well-planned and well-executed defence strategies, build heightened detection capabilities that identify an attack before it can take hold and, critically, plan in advance how to respond.
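The ‘slow and low’ trait listed earlier and the call here for detection capabilities that go beyond signatures are easier to reason about with a concrete check. What follows is an added example, not code from the article or from KPMG: a small Python detector that reads a constructed outbound connection log and flags a host that sends small, regularly spaced transfers to a single external destination over many days, while leaving a bursty large upload and irregular web browsing alone. The log format, host names, and the four thresholds are all assumptions made for the example.

```python
"""Low-and-slow outbound detector over a constructed connection log (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

LOG_FORMAT = "%Y-%m-%dT%H:%M:%S"

# Tunable thresholds: assumptions for this example, not figures from the article.
MIN_DAYS = 7            # 'persistent': the pattern must span at least a week
MIN_EVENTS = 20         # enough samples to judge regularity
MAX_MEAN_BYTES = 4096   # 'low': each transfer stays small
MAX_INTERVAL_CV = 0.25  # 'slow and regular': little jitter between transfers


def build_sample_log():
    """Constructed log lines: '<timestamp> <src_host> <dst_host> <bytes_out>'."""
    lines = []
    start = datetime(2012, 6, 1, 8, 0, 0)
    # Pattern A (suspicious): one ~500-byte upload every six hours for twelve days.
    for i in range(48):
        ts = start + timedelta(hours=6 * i, minutes=(i * 7) % 5)
        lines.append(f"{ts.strftime(LOG_FORMAT)} ws-finance-07 upd.example-cdn.net {500 + (i * 37) % 40}")
    # Pattern B (benign): a burst of large uploads to an internal share on one afternoon.
    for i in range(30):
        ts = start + timedelta(days=3, hours=13, minutes=2 * i)
        lines.append(f"{ts.strftime(LOG_FORMAT)} ws-finance-07 share.example-corp.net {200000 + i * 1000}")
    # Pattern C (benign): small but irregularly spaced web requests over two weeks.
    for i in range(25):
        ts = start + timedelta(hours=(i * i * 3) % 300, minutes=(i * 13) % 60)
        lines.append(f"{ts.strftime(LOG_FORMAT)} ws-hr-02 www.example-news.net {300 + i * 11}")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, src, dst, bytes_out)."""
    ts, src, dst, nbytes = line.split()
    return datetime.strptime(ts, LOG_FORMAT), src, dst, int(nbytes)


def summarise(events):
    """Per (src, dst) pair: span in days, event count, mean bytes, and the
    coefficient of variation of the gaps between consecutive events."""
    times = sorted(t for t, _ in events)
    sizes = [b for _, b in events]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    span_days = (times[-1] - times[0]).total_seconds() / 86400
    mean_gap = mean(gaps) if gaps else 0.0
    interval_cv = pstdev(gaps) / mean_gap if mean_gap > 0 else float("inf")
    return {"span_days": span_days, "count": len(times),
            "mean_bytes": mean(sizes), "interval_cv": interval_cv}


def detect_low_and_slow(lines):
    """Return {(src, dst): stats} for pairs whose traffic is long-lived, frequent,
    small per transfer, and regularly spaced, i.e. the 'slow and low' profile."""
    by_pair = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        t, src, dst, nbytes = parse_line(line)
        by_pair[(src, dst)].append((t, nbytes))
    findings = {}
    for pair, events in by_pair.items():
        stats = summarise(events)
        if (stats["span_days"] >= MIN_DAYS and stats["count"] >= MIN_EVENTS
                and stats["mean_bytes"] <= MAX_MEAN_BYTES
                and stats["interval_cv"] <= MAX_INTERVAL_CV):
            findings[pair] = stats
    return findings


if __name__ == "__main__":
    for (src, dst), stats in detect_low_and_slow(build_sample_log()).items():
        print(f"{src} -> {dst}: {stats['count']} transfers over "
              f"{stats['span_days']:.1f} days, mean {stats['mean_bytes']:.0f} bytes, "
              f"interval CV {stats['interval_cv']:.3f}")
```

The point of the four conditions is that none of them is a signature: the check is on shape over time rather than on a known bad address or file hash, which is what lets it see a pattern that is deliberately small enough to pass per-event thresholds. In practice the constructed lines would be replaced by proxy or flow records, and the thresholds tuned against a baseline of the bank’s own traffic.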