DOCSLIB.ORG

Targeted Threat Index: Characterizing and Quantifying

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Targeted Threat Index: Characterizing and Quantifying Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware Seth Hardy, Masashi Crete-Nishihata, Katharine Kleemola, Adam Senft, Byron Sonne, and Greg Wiseman, The Citizen Lab; Phillipa Gill, Stony Brook University; Ronald J. Deibert, The Citizen Lab https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/hardy This paper is included in the Proceedings of the 23rd USENIX Security Symposium. August 20–22, 2014 • San Diego, CA ISBN 978-1-931971-15-7 Open access to the Proceedings of the 23rd USENIX Security Symposium is sponsored by USENIX Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware Seth Hardy§ Masashi Crete-Nishihata§ Katharine Kleemola§ Adam Senft§ Byron Sonne§ Greg Wiseman§ Phillipa Gill† Ronald J. Deibert§ § The Citizen Lab, Munk School of Global Affairs, University of Toronto, Canada † Stony Brook University, Stony Brook, USA Abstract creasing problem for CSOs. These attacks are not iso- lated incidents, but waves of attacks organized in cam- Targeted attacks on civil society and non-governmental paigns that persistently attempt to compromise systems organizations have gone underreported despite the fact and gain access to networks over long periods of time that these organizations have been shown to be frequent while remaining undetected. These campaigns are cus- targets of these attacks. In this paper, we shed light on tom designed for specific targets and are conducted by targeted malware attacks faced by these organizations by highly motivated attackers. The objective of these cam- studying malicious e-mails received by 10 civil society paigns is to extract information from compromised sys- organizations (the majority of which are from groups re- tems and monitor user activity and is best understood as lated to China and Tibet issues) over a period of 4 years. a form of espionage. CSOs can be particularly suscep- Our study highlights important properties of malware tible to these threats due to limited resources and lack threats faced by these organizations with implications on of security awareness. Targeted malware is an active re- how these organizations defend themselves and how we search area, particularly in private industry. However, quantify these threats. We find that the technical sophis- focused studies on targeted attacks against CSOs are rel- tication of malware we observe is fairly low, with more atively limited despite the persistent threats they face and effort placed on socially engineering the e-mail con- the vulnerability of these groups. tent. Based on this observation, we develop the Targeted In this study, we work with 10 CSOs for a period of Threat Index (TTI), a metric which incorporates both so- 4 years to characterize and track targeted malware cam- cial engineering and technical sophistication when as- paigns against these groups. With the exception of two sessing the risk of malware threats. We demonstrate that groups that work on human rights in multiple countries, this metric is more effective than simple technical sophis- the remaining eight groups focus on China and Tibet- tication for identifying malware threats with the high- related human rights issues. We focus on targeted mal- est potential to successfully compromise victims. We ware typically delivered via e-mail that is specifically tai- also discuss how education efforts focused on changing lored to these groups as opposed to conventional spam user behaviour can help prevent compromise. For two which has been well characterized in numerous previous of the three Tibetan groups in our study simple steps works [27, 42, 45, 52, 70, 71]. We consider the threats to such as avoiding the use of email attachments could these groups along two axes: the technical sophistica- cut document-based malware threats delivered through tion of the malware as well as sophistication of the so- e-mail that we observed by up to 95%. cial engineering used to deliver the malicious payload. We combine these two metrics to form an overall threat 1 Introduction ranking that we call the Targeted Threat Index (TTI). While other scoring systems exist for characterizing the Civil society organizations (CSOs), working on hu- level of severity and danger of a technical vulnerabil- man rights issues around the globe, face a spectrum ity [7, 17, 41, 50], no common system exists for ranking of politically-motivated information security threats that the sophistication of targeted e-mail attacks. TTI allows seek to deny (e.g. Internet filtering, denial-of-service at- us to gain insights into the relative sophistication of so- tacks), manipulate (e.g. website defacements) or moni- cial engineering and malware leveraged against CSOs. tor (e.g. targeted malware) information related to their A key to the success of our study is a unique method- work. Targeted malware attacks in particular are an in- ology, combining qualitative and technical analysis of USENIX Association 23rd USENIX Security Symposium 527 e-mails and their attachments with fieldwork (e.g. site in Section 4. Training and outreach implications of our visits) and interviews with affected CSOs. This method- work are discussed in Section 5. We present related work ology, which we describe in more detail in Section 3, al- in Section 6 and conclude in Section 7. lows us to both accurately rate the level of targeting of e- mail messages by interfacing with CSOs participating in our study (Section 4.2), and understand the relative tech- 2 Background nical sophistication of different malware families used in the attacks (Section 4.3). By combining the strengths of 2.1 Targeted Malware Overview our qualitative and quantitative analysis, we are able to Targeted malware are a category of attacks that are dis- accurately understand trends in terms of social engineer- tinct from common spam, phishing, and financially mo- ing and technical sophistication of politically-motivated tivated malware. Spam and mass phishing attacks are targeted malware threats faced by CSOs. indiscriminate in the selection of targets and are directed Our study makes the following observations, which to the largest number of users possible. Similarly, finan- have implications for security strategies that CSOs can cially motivated malware such as banking trojans seek employ to protect themselves from targeted malware: to compromise as many users as possible to maximize Attachments are the primary vector for email based the potential profits that can be made. The social engi- targeted malware. More than 80% of malware deliv- neering tactics and themes used by these kinds of attacks ered to Tibet-related organizations in our study and sub- are generic and the attack vectors are sent in high vol- mitted to us is contained in an e-mail attachment. Fur- umes. By contrast targeted malware attacks are designed ther, for 2 of the 3 Tibetan organizations in our study for specific targets, sent in lower volumes, and are moti- (with at least 40 submitted e-mails), simply not opening vated by the objective of stealing specific sensitive data attachments would mitigate more than 95% of targeted from a target. malware threats that use email as a vector. Targeted malware attacks typically involve the follow- Targeted malware technical sophistication is low. So- ing stages [24, 66]: cial engineering sophistication is high We find that Reconnaissance: During this stage attackers conduct the technical sophistication of targeted malware deliv- research on targets including profiling systems, software, ered to CSOs in our study is relatively low (e.g., rela- and information security defenses used to identify possi- tive to commercial malware that has been found targeting ble vulnerabilities and contextual information on person- CSOs and journalists [35,36,38] and conventional finan- nel and activities to aid social engineering. cially motivated malware), with much more effort given Delivery: During this stage a vector for delivering to socially engineering messages to mislead users. This the attack is selected. Common vectors include e-mails finding highlights the potential for education efforts fo- with malicious documents or links, or contacting targets cused on changing user behaviours rather than high-cost through instant messaging services and using social en- technical security solutions to help protect CSOs. gineering to send malware to them. Typically, a target of CSOs face persistent and highly motivated actors. such an attack receives an e-mail, possibly appearing to For numerous malware samples in our study we ob- be from someone they know, containing text that urges serve several versions of the software appearing over the user to open an attached document (or visit a web- the course of our four year study. These multiple ver- site). sions show evidence of technical improvements to com- Compromise: During this stage malicious code is exe- plement existing social engineering techniques. cuted on a target machine typically after a user initiated Since the start of our study we have participated in action such as opening a malicious document or link. a series of workshops with the participating Tibetan or- ganizations to translate these results into a training cur- Command and Control: During this stage the infected riculum. Specifically, we have educated them about how host system establishes a communications channel to a to identify suspicious e-mail headers to identify spoofed command and control (C&C) server operated by the at- senders and demonstrated
Load more

Recommended publications
  • A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics
    UNIVERSIDAD POLITECNICA´ DE MADRID ESCUELA TECNICA´ SUPERIOR DE INGENIEROS INFORMATICOS´ A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics PH.D THESIS Platon Pantelis Kotzias Copyright c 2019 by Platon Pantelis Kotzias iv DEPARTAMENTAMENTO DE LENGUAJES Y SISTEMAS INFORMATICOS´ E INGENIERIA DE SOFTWARE ESCUELA TECNICA´ SUPERIOR DE INGENIEROS INFORMATICOS´ A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF: Doctor of Philosophy in Software, Systems and Computing Author: Platon Pantelis Kotzias Advisor: Dr. Juan Caballero April 2019 Chair/Presidente: Marc Dasier, Professor and Department Head, EURECOM, France Secretary/Secretario: Dario Fiore, Assistant Research Professor, IMDEA Software Institute, Spain Member/Vocal: Narseo Vallina-Rodriguez, Assistant Research Professor, IMDEA Networks Institute, Spain Member/Vocal: Juan Tapiador, Associate Professor, Universidad Carlos III, Spain Member/Vocal: Igor Santos, Associate Research Professor, Universidad de Deusto, Spain Abstract of the Dissertation Potentially unwanted programs (PUP) are a category of undesirable software that, while not outright malicious, can pose significant risks to users’ security and privacy. There exist indications that PUP prominence has quickly increased over the last years, but the prevalence of PUP on both consumer and enterprise hosts remains unknown. Moreover, many important aspects of PUP such as distribution vectors, code signing abuse, and economics also remain unknown. In this thesis, we empirically and sys- tematically analyze in both breadth and depth PUP abuse, prevalence, distribution, and economics. We make the following four contributions. First, we perform a systematic study on the abuse of Windows Authenticode code signing by PUP and malware.
    [Show full text]
  • What You Should Know About Kaspersky
    What you should know Proven. Transparent. about Kaspersky Lab Independent. Fighting for your digital freedom Your data and privacy are under attack by cybercriminals and spy agencies, so you need a partner who is not afraid of standing beside you to protect what matters to you most. For over 20 years, Kaspersky Lab has been catching all kinds of cyberthreats. No matter whether they come from script kiddies, cybercriminals or governments, or from the north, south, east or west. We believe the online world should be free from attack and state-sponsored espionage, and will continue fighting for a truly free and safe digital world. Proven Transparent Independent Kaspersky Lab routinely scores the highest We are totally transparent and are making As a private company, we are independent marks in independent ratings and surveys. it even easier to understand what we do: from short term business considerations and institutional influence. • Measured alongside more than 100 other • Independent review of the company’s well-known vendors in the industry source code, software updates and We share our expertise, knowledge • 72 first places in 86 tests in 2017 threat detection rules and technical findings with the world’s • Top 3 ranking* in 91% of all product tests • Independent review of internal security community, IT security vendors, • In 2017, Kaspersky Lab received processes international organizations, and law Platinum Status for Gartner’s Peer • Three transparency centers by 2020 enforcement agencies. Insight** Customer Choice Award 2017, • Increased bug bounty rewards with up in the Endpoint Protection Platforms to $100K per discovered vulnerability Our research team is spread across the market world and includes some of the most renowned security experts in the world.
    [Show full text]
  • Bilan Cert-IST 2013
    Cert-IST annual review for 2014 regarding flaws and attacks 1) Introduction ..................................................................................................................................... 1 2) Most significant events of 2014 ...................................................................................................... 2 2.1 More sophisticated attacks that modify the risk level .............................................................. 2 2.2 Many attacks targeting cryptography ...................................................................................... 4 2.3 Cyber-spying: governments at the cutting edge of cyber attacks ........................................... 6 2.4 Flourishing frauds .................................................................................................................... 7 3) Vulnerabilities and attacks seen in 2014 ........................................................................................ 9 3.1 Figures about Cert-IST 2014 production ................................................................................. 9 3.2 Alerts and Potential Dangers released by the Cert-IST ........................................................ 11 3.3 Zoom on some flaws and attacks .......................................................................................... 12 4) Conclusions .................................................................................................................................. 15 1) Introduction Each year, the Cert-IST makes
    [Show full text]
  • Attributing Cyber Attacks Thomas Rida & Ben Buchanana a Department of War Studies, King’S College London, UK Published Online: 23 Dec 2014
    This article was downloaded by: [Columbia University] On: 08 June 2015, At: 08:43 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Journal of Strategic Studies Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/fjss20 Attributing Cyber Attacks Thomas Rida & Ben Buchanana a Department of War Studies, King’s College London, UK Published online: 23 Dec 2014. Click for updates To cite this article: Thomas Rid & Ben Buchanan (2015) Attributing Cyber Attacks, Journal of Strategic Studies, 38:1-2, 4-37, DOI: 10.1080/01402390.2014.977382 To link to this article: http://dx.doi.org/10.1080/01402390.2014.977382 PLEASE SCROLL DOWN FOR ARTICLE Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) contained in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and should be independently verified with primary sources of information. Taylor and Francis shall not be liable for any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of the Content.
    [Show full text]
  • Cyber Threat Data Model and Use Cases Final Report
    CAN UNCLASSIFIED TA-35—Cyber Threat Data Model and Use Cases Final Report Dr. Antoine Lemay International Safety Research (ISR) Prepared by: ISR 38 Colonnade Road North Ottawa, Ontario Canada K2E 7J6 Contractor's document number: ISR Report 6099-01-03 Version 2.0 PSPC Contract Number: W7714-156105-T35 Technical Authority: Melanie Bernier, Defence Scientist Contractor's date of publication: September 2017 Defence Research and Development Canada Contract Report DRDC-RDDC-2017-C290 November 2017 CAN UNCLASSIFIED CAN UNCLASSIFIED IMPORTANT INFORMATIVE STATEMENTS The information contained herein is proprietary to Her Majesty and is provided to the recipient on the understanding that it will be used for information and evaluation purposes only. Any commercial use including use for manufacture is prohibited. Disclaimer: This document is not published by the Editorial Office of Defence Research and Development Canada, an agency of the Department of National Defence of Canada, but is to be catalogued in the Canadian Defence Information System (CANDIS), the national repository for Defence S&T documents. Her Majesty the Queen in Right of Canada (Department of National Defence) makes no representations or warranties, expressed or implied, of any kind whatsoever, and assumes no liability for the accuracy, reliability, completeness, currency or usefulness of any information, product, process or material included in this document. Nothing in this document should be interpreted as an endorsement for the specific use of any tool, technique or process examined in it. Any reliance on, or use of, any information, product, process or material included in this document is at the sole risk of the person so using it or relying on it.
    [Show full text]
  • Use Style: Paper Title
    Volume 8, No. 5, May-June 2017 ISSN No. 0976-5697 International Journal of Advanced Research in Computer Science RESEARCH PAPER Available Online at www.ijarcs.info A Review of International Legal Framework to Combat Cybercrime Sandeep Mittal, IPS Prof. Priyanka Sharma Director Professor & Head LNJN National Institute of Criminology & Forensic Science Information Technology & Telecommunication, Ministry of Home Affairs, New Delhi, India Raksha Shakti University, Ahmedabad, India Abstract: Cyberspace is under perceived and real threat from various state and non-state actors. This scenario is further complicated by distinct characteristic of cyberspace, manifested in its anonymity in space and time, geographical indeterminacy and non-attribution of acts to a tangible source. The transnational dimension of cybercrime brings forth the issue of sovereignty, jurisdiction, trans-national investigation and extra territorial evidence necessitates international cooperation. This requires and international convention on cybercrime which is missing till date. Council of Europe Convention of Cybercrime is the lone instrument available. Though it is a regional instrument, non-members state like US, Australia, Canada, Israel, Japan etc. have also signed and ratified and remains the most important and acceptable international instruments in global fight to combat cybercrime. In this paper, authors have argued that Council of Europe Convention on Cybercrime should be the baseline for framing an International Convention on Cybercrime. Keywords: Cybercrime, International Convention on Cybercrime, Cyber Law, Cyber Criminology, International Cooperation on Cybercrime, Internet Governance, Transnational Crimes. cybercrime requires increased, rapid and well-functioning I. INTRODUCTION international cooperation in criminal matters’ [14]. As on December 2016, 52 States have ratified the Convention and Information Societies have high dependency on the 4 States have signed but not ratified.
    [Show full text]
  • The Concept of Infamy in Roman
    The International Journal ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2017 Volume 4 Number 4 (June) http://doi.org/10.9770/jesi.2017.4.4(12) Publisher CYBER SECURITY MANAGEMENT MODEL FOR CRITICAL INFRASTRUCTURE Tadas Limba¹, Tomas Plėta², Konstantin Agafonov3, Martynas Damkus4 1,3,4 Mykolas Romeris University, Ateities g. 20, 08303 Vilnius, Lithuania 2NATO Energy security center of excellence, Šilo g. 5a, 10322 Vilnius, Lithuania E-mails:[email protected]; [email protected]; [email protected]; [email protected] Received 18 February 2017; accepted 20 April 2017 . Abstract. Cyber security is the most critical aspect nowadays of our technologically based lives. Government institutions, banking sectors, public and private services, nuclear power plants, power grid operators, water suppliers or waste water treatment companies use information technologies in their day-to-day operations. Everything that uses technologies are based on communication and information systems and that means that it depends on cyber security. The public and private sector each year spend millions of dollars on technologies, security software and hardware devices that will increase the cyber security inside their companies, but they are still vulnerable. The main problem of this situation is that cyber security is still usually treated as a technical aspect or technology which can be easily implemented inside the organization and this implementation will guarantee cyber security. This attitude must change, because cyber security nowadays is something more than just the technology. This article presents the taxonomy of the critical infrastructure attacks, analyzes attack vectors and attack methods used to damage critical infrastructure as well as the most common cyber security mistakes which organizations make in the cyber security field when trying to make themselves safer from vulnerabilities.
    [Show full text]
  • The Role of Malware in Reported Cyber Espionage: a Review of the Impact and Mechanism
    Information 2015, 6, 183-211; doi:10.3390/info6020183 OPEN ACCESS information ISSN 2078-2489 www.mdpi.com/journal/information Review The Role of Malware in Reported Cyber Espionage: A Review of the Impact and Mechanism Gaute Wangen Norwegian Information Security Laboratory, Center for Cyber and Information Security, Gjøvik University College, Teknologivn. 22, 2815 Gjøvik, Norway; E-Mail: [email protected]; Tel.: +47-907-08-338 Academic Editors: Qiong Huang and Guomin Yang Received: 9 April 2015 / Accepted: 7 May 2015 / Published: 18 May 2015 Abstract: The recent emergence of the targeted use of malware in cyber espionage versus industry requires a systematic review for better understanding of its impact and mechanism. This paper proposes a basic taxonomy to document major cyber espionage incidents, describing and comparing their impacts (geographic or political targets, origins and motivations) and their mechanisms (dropper, propagation, types of operating systems and infection rates). This taxonomy provides information on recent cyber espionage attacks that can aid in defense against cyber espionage by providing both scholars and experts a solid foundation of knowledge about the topic. The classification also provides a systematic way to document known and future attacks to facilitate research activities. Geopolitical and international relations researchers can focus on the impacts, and malware and security experts can focus on the mechanisms. We identify several dominant patterns (e.g., the prevalent use of remote access Trojan and social engineering). This article concludes that the research and professional community should collaborate to build an open dataset to facilitate the geopolitical and/or technical analysis and synthesis of the role of malware in cyber espionage.
    [Show full text]
  • Cyber Security Assessment Netherlands Security Assessment Cyber
    CSAN-4 Cyber Security Assessment Netherlands Cyber Cyber Security Assessment Netherlands CSAN-4 Cyber Security Assessment Netherlands 4CSAN-4 1 2 National Cyber Security Centre The National Cyber Security Centre (NCSC), in collaboration with the business community, government bodies and scientists, is working to increase the ability of Dutch society to defend itself in the digital domain. The NCSC supports the central government and organisations in fulfilling an essential function for society by providing expertise and advice, response to threats and enhancing crisis management. In addition, the NCSC provides information and advice to citizens, the government and the business community relating to awareness and prevention. This means that the NCSC constitutes the central reporting and information point for IT threats and security incidents. The NCSC is part of the Cyber Security Department of the National Coordinator for Security and Counterterrorism [Nationaal Coördinator Terrorismebestrijding en Veiligheid] (NCTV). Collaboration and sources In drawing up this report the NCSC gratefully made use of information provided by the following parties: » The various ministries » MIVD (Military Intelligence and Security Service) » DefCERT (Defence Computer Emergency Response Team) » AIVD (General Intelligence and Security Service) » Team High Tech Crime, Dutch National Police » Public Prosecution Service » Tax and Customs Administration » Members from ISAC (Information Sharing and Analysis Center) » NCTV (National Coordinator for Security and Counterterrorism) » Scientific institutions » Universities » Experts in the field of cyber security Their contributions, the substantive reviews as well as publicly accessible sources, a survey, information from the vital sectors and analyses from the NCSC together, have made valuable contributions to the substantive quality of this assessment.
    [Show full text]
  • Anti-War and the Cyber Triangle Strategic Implications of Cyber Operations and Cyber Security for the State
    Anti-War and the Cyber Triangle Strategic Implications of Cyber Operations and Cyber Security for the State Sven Herpig ACKNOWLEDGEMENT I would like to thank my loving wife – source of inspiration, firmest believer and harshest critic. For without her, this research would have never progressed beyond the first few paragraphs. I am deeply grateful for having an amazing family. Their tireless encouragement and support allowed me to pursue my dreams. During the years of research, I was not able to spend as much time with them as I would have wanted, and only a tiny fraction of what they would have deserved. I would also like to acknowledge Doctor David Lonsdale, brilliant academic and amazing supervisor, without whom this work would have remained a body without soul. Last but not least, I want to give a shout-out to all the infosec people, cyber libertarians, strategists, hackers, academics and practitioners who helped me with their immense knowledge and vast networks over the last couple of years. Sven Herpig, January 2016 ____________________________ PhD Thesis, University of Hull Research: May 2011–March 2015 Approval: August 2015 Editing: January 2016 1 TABLE OF CONTENTS LIST OF ABBREVIATIONS .....................................................................................7 LIST OF FIGURES ................................................................................................... 10 LIST OF TABLES ..................................................................................................... 11 INTRODUCTION ....................................................................................................
    [Show full text]
  • Learn How to Protect It Before It Is Too Late Your Critical Infrastructure Is
    0100110001101111011100100110010101101101001000000110100101110 0000111001101110101011011010010000001100100011011110110110001 1011110111001000100000011100110110100101110100001000000110000 1011011010110010101110100001011000010000001100011011011110110 1110011100110110010101100011011101000110010101110100011101010 1110010001000000110000101100100010100110001101111011100100110 0101011011010010000001101001011100000111001101110101011011010 0100000011001000110111101101100011011110111001000100000011100 1101101001011101000010000001100001011011010110010101110100001 0110000100000011000110110111101101110011100110110010101100011 0111010001100101011101000111010101110010001000000110000101100 10001 0100110001101111011100100110010101101101001000000110100 1011100000111001101110101011011010010000001100100011011110110 1100011011110111001000100000011100110110100101110100001000000 1100001011011010110010101110100001011000010000001100011011011 1101101110011100110110010101100011011101000110010101110100011 1010101110010001000000110000101100100010100110001101111011100 1001100101011011010010000001101001011100000111001101110101011 0110100100000011001000110111101101100011011110111001000100000 0111001101101001011101000010000001100001011011010110010101110 1000010110000100000011000110110111101101110011100110110010101 1000110111010001100101011101000111010101110010001000000110000 1011001000101001100011011110111001001100101011011010010000001 1010010111000001110011011101010110110100100000011001000110111 1011011000110111101110010001000000111001101101001011101000010Your Critical
    [Show full text]
  • A Scary “Mask”: Tag, You’Re It! by Sharon D
    A Scary “Mask”: Tag, You’re It! by Sharon D. Nelson, Esq. and John W. Simek © 2014 Sensei Enterprises, Inc. Remember the childhood game of chasing all of your friends in an attempt to merely lay a finger on them so they could assume the role of the “it” person? It doesn’t feel much different these days when dealing with technology. There are a ton of “bad guys” trying to compromise your technology for a variety of reasons. Once your computer is infected it may be a long time before you are even aware of the compromise. Advanced Persistent Threat (APT) There are so many definitions of APT that it can make your head spin. It can refer to an advanced attack on a network. But today, an advanced persistent threat is more often defined as a body (e.g. a government) that has the ability and intent to target a specific entity with sophisticated intrusion techniques. Further, we describe an APT as dealing with a cyberthreat. Malware is installed on a computer or network device to gather intelligence and information about the selected target. Probably one of the more famous APTs is the Stuxnet worm, which targeted the computers for Iran’s nuclear program. Usage of APTs has grown tremendously over the last several years and we anticipate an even steeper growth given the recent revelations of spying activity by the NSA, Australian Signals Directorate and the British Government Communications Headquarters. Mask This is not the kind of mask that you wear on Halloween (or perhaps every night in New Orleans), but a recently discovered APT that has been around infecting computers for at least the last seven years.
    [Show full text]