
Today I had shared a phone call with a very knowledgable and respected security industry analyst. During cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 course of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 conversation he made a few statements which puzzled me, so I asked him "do you know what APT means?" He might have thought I was referring to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Debian Advanced Package Tool or apt, but that's not what I meant. When I said Advanced Persistent Threat, it still didn't ring any bells with him. I decided to do some searching on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Web to see what was available regarding APT.
Helpfully, BusinessWeek just published
Under Cyberthreat: Defense Contractors this week. The article begins like this:
Northrop Grumman's info security chief addresses cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "well-resourced, highly sophisticated" attacks against makers of high-tech weaponry...
The defense industry faces "a near-existential threat from state-sponsored foreign intelligence services" that target sensitive IP, according to a report by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Internet Security Alliance, a nonprofit organization on whose board McKnight sits...
[BusinessWeek asked:] Are defense contractors being singled out in highly targeted attacks?
[McKnight responded:] It's gotten to a point where it has a name for itself: cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 APT or "advanced persistent threat," meaning that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are well resourced, highly sophisticated, clearly targeting companies or information, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y're not giving up in that mission.Incidentally, McKnight practices NSM:
[BusinessWeek asked:] What kind of tools do you use to keep your network secure?
[McKnight responded:] We've focused a lot on... capabilities where you're capturing all traffic, not just bits and pieces of it.Security company Mandiant devotes an entire site to
APT, saying:
The Advanced Persistent Threat (APT) is a sophisticated and organized cyber attack to access and steal information from compromised computers.
The intruders responsible for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 APT attacks target cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Defense Industrial Base (DIB), financial industry, manufacturing industry, and research industry.
The attacks used by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 APT intruders are not very different from any ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r intruder. The main differentiator is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 APT intruder’s perseverance and resources. They have malicious code (malware) that circumvents common safeguards such as anti-virus and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y tend to generate more activity than wanton “drive by hacks” on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Internet.
The intruders also escalate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir tools and techniques as a victim firm’s capability to respond improves. Therefore, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 APT attacks present different challenges than addressing common computer security breaches.
Combating cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 APT is a protracted event, requiring a sustained effort to rid your networks of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 threat. I briefly mentioned APT in my post last year
Thoughts on 2008 SANS Forensics and IR Summit.
Aside from Northrup Grumman, Mandiant, and a few vendors (like NetWitness, one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 full capture vendors out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re) mentioning APT, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re's not much else available. A Google search for
"advanced persistent threat" -netwitness -mandiant -Northrop yields 34 results (prior to this blog post).
APT is one of those subjects that is very important but not well understood outside cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 defense industry. Your best bet for a public introduction to APT is to watch for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 next Webinar offered by
Mandiant. Ask cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m to do anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r soon; I listened to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir Webinar in May and realized many participants had never heard of APT before. If you're not down with APT, you need to be.
Richard Bejtlich is teaching new classes in
Las Vegas in 2009.
Late Las Vegas registration ends 22 July.