In these days many people are asking me what they can do to stop an Advanced Persistent Threat. Although security firms are running fast to develop new technologies to thwart these attack vectors (sophisticated SIEMs and a new breed of network security devices, the so called Next Generation IPSs), unfortunately I am afraid the answer is not so easy. I might spend thousands of words to figure out the answer, but I would not be able to give a better representation than this cartoon I found a couple of days ago in the Imperva Blog.
Intentional or unintentional the human error is always the first vector an Advanced Persistent Threat exploits to enter the organization: as a matter of fact all the APT attacks recorded in 2011 (and unluckily examples abound in the news), have a point in common: the initial gate which allowed the attack to enter, that is the user.
The last resounding example is not an exception to this rule: on Friday November, the 17th Norway’s National Security Authority (NSM) confirmed that systems associated with the country’s oil, gas, and energy sectors were hit with a cyber attack, resulting in a loss of sensitive information. If we look at the information available for this attack, it is really easy to find all the ingredients of a typical APT Attack: virus spread via malware-infected emails sent to “selected individuals”, sophisticated malware designed to avoid detection by anti-virus solutions, and, last but not least, sophisticated malware designed to steal information from the victim’s computer: documents, drawings, username and password.
So at the end which is the key to face an APT, before the technology itself is able to catch it? The answer (and the technology) spins around the user which is the first firewall, IPS, anomaly detector, who can stop an APT. Of course exactly like security devices must be configured to stop the intrusion attempts, analogously users must be
configured educated not to accept virtual candies from strangers, hence acting as unintentional gates for the threats to enter the organizations. This often happens because of shallow behaviors or also because of behaviors in clear contrast with the internal policy (yes the infamous AUP). I use to say that security is a mindset, quite similar to distrust: you have it since you are naturally born with it, or you may simply be educated to embrace it.
Keep in mind the central role of the user inside the security process since 2012 will be the year of APTs… Would you ever buy (and heavily pay) an armored door for your home and give the key to people you do not trust?
- Are You Ready For The Next Generation IPS? (paulsparrows.wordpress.com)
- Advanced Persistent Threats and Security Information Management (paulsparrows.wordpress.com)
- 855,576 hits since November 2010
08/13/2011 - My Post on Android Malware Mentioned on Engadget.
04/14/2011 - The Article Smart Grid: L'ultima Frontiera del Cybercrime published on ICT Security Magazine May 2011.
03/14/2011 - Security Summit 2011: Paolo Passeri guest at Round Table "Mobile Security: Rischi, Tecnologie, Mercato"
02/14/2011 - The Article Gears of Cyberwar published on ICT Security Magazine January 2011.
About This Blog
In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.
Every information is reported with its source.
Anyone intending to use information contained in my post is free to do so, provided that mention my blog in your article.
Top Posts & Pages
- List Of Hacked Celebrities Who Had (Nude) Photos Leaked
- 1-15 July 2014 Cyber Attacks Timeline
- 2014 Cyber Attacks Timeline Master Index
- 2012 Cyber Attacks Statistics
- A (Graphical) World of Botnets and Cyber Attacks
- 2013 Cyber Attacks Statistics
- 2013 Cyber Attacks Statistics (Summary)
- 1-15 June 2014 Cyber Attacks Timeline
- One Year Of Android Malware (Full List)
- 2013 Cyber Attacks Timeline Master Index
- P.F. Chang's incident calls for updating payments tech lnkd.in/dQpjRE8 - 22 hours ago
- @artbyalida @thepacketrat he did the same one week ago for CNET… - 23 hours ago
- WSJ website hacked, data offered for 1 bitcoin -> Here's a cyber attack that will be included in the next timeline: arstechnica.com/security/2014/… - 23 hours ago
- @HP TippingPoint and @lastlineinc team up to offer advanced network protection h30499.www3.hp.com/t5/HP-Security… - 1 day ago
- Without a good Italian espresso it's impossible to build cutting-edge technology! http://t.co/GZTZFXktsc - 1 day ago
- @lastlineinc recognized by CRN as a 2014 Emerging Vendor | Business Wire businesswire.com/news/home/2014… - 2 days ago
- 1-15 July 2014 Cyber Attacks Timeline #Infosec #Cyberattacks wp.me/p14J6X-2D9 - 3 days ago
- @ckreibich same test worked with an @A10Networks SSL inspector: malicious files downloaded through an https connection perfectly detected! - 1 week ago
- RT @lastlineinc: 'Cloud malware analysis a must-have for advanced threat protection' @TechTarget bit.ly/W70Opa http://t.co/ji5qWtt… - 1 week ago
- RT @cedricpernet: We are proud to be the first french guys to release a white paper about an #APT group :) ow.ly/z2fzL #cybercri… - 1 week ago