Final forensics revealed that the company had been compromised for more than 24 months before Sarah’s discovery. The firm fell victim to a sophisticated, long-running intrusion of the kind known as an Advanced Persistent Threat, or “APT.” Despite what news headlines may suggest, these types of attacks are not aimed only at large retailers. Any company holding sensitive financial information or intellectual property makes a perfect target.
Nation states are the primary developers and operators of APT tooling, although its use by organized crime is growing at a significant rate (what would Al Capone think?). “Commodity” actors, or hackers for hire, are also in the mix. APT “kits,” often originally developed by nation-state employees, are widely available for sale on the black market.
The exploits APTs use to penetrate systems are often labeled by how many days a vulnerability has been known to the vendor at the time it is exploited. A zero-day exploit takes advantage of a vulnerability the software vendor does not yet know about: the vendor has had zero days to patch the flaw, because the vulnerability and its exploitation surface on the same day, day zero. A half-day exploit (more commonly called a 1-day or n-day exploit) takes advantage of a vulnerability that is already known to the vendor but has not yet been patched.
These actors spend significant resources researching both widely used software and software specific to the target company, including its supply chain, looking for vulnerabilities that can be exploited in zero-day and half-day attacks. They then weaponize those vulnerabilities into working exploits, either to target your company or to sell on the black market to the highest bidder. Unfortunately, signature-based security tools cannot flag these exposures: a scanner or antivirus product can only match against vulnerabilities and exploits it already knows about. Attacks using these techniques go undetected for months, giving the attackers ample time to entrench their access in your network.
There are several reasons:
The post How Advanced Persistent Threats Happen: On Any Given Evening (Part 1) appeared first on Beyond Bandwidth.