Do we understand "Advanced Persistent Threats" correctly?
Yogesh Gupta
Experienced Cloud Enablement & Security Professional | Risk Mitigation Strategist | Championing IT Transformation | Passionate about designing lean multi-cloud hybrid IT environments
An Advanced Persistent Threat (APT) is often defined as a network attack in which the attacker breaks in, stays in the network undetected for a long period of time, and steals large amounts of data.
The main motive is stealing data, not destroying it.
My question is: are these really "Advanced Persistent Threats", or simply "bad security" on the victim's network?
I question it because when I look at attack trends, they almost all begin with social engineering (in most cases, spear phishing), followed by poor password and security management, and lastly a bad or non-existent detection system.
Let's discuss one of the famous attacks that was supposed to be out of this world, sophisticated and of the "oh my god" type.
It is the Ashley Madison hack, the most talked about espionage of 2015. Was it really an advanced attack against which nothing could have been done?
No, it was not. It was the result of very bad protection and, in fact, no detection at all. According to the hackers, The Impact Team (who claimed responsibility), the password to all the servers was Pass1234, and they also got hold of a security report of the network listing the vulnerabilities present in it.
There was no detection system in place, and they sat in the network for months collecting hundreds of TB of data.
So, by definition, since they were sitting there for months and stealing loads of data, we can call it an "Advanced Persistent Threat"; otherwise, with the kind of security in place, even a script kiddie could have run a brute-force tool and got into the network.
And if we look at some of the other "big and famous attacks" of the last year or so, like Anthem, Premera, or Sony, they will not show you the true definition of "Advanced Persistent Threat". They will all show you that the attacks happened because of a bad security program.
Companies still have very low budgets for security, and within that budget they tend to overspend on Protection while giving very little importance to Detection and Response.
Lastly, I can only say that falling back to basics, a better security program with good password and other security policies, better detection mechanisms, and good training and awareness programs, can help us fight this most hyped buzzword of "Advanced Persistent Threats".
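As an added illustration of the "better detection mechanism" point (example code written for this article, not from any of the incidents discussed), the script below runs a minimal brute-force detector over constructed sshd-style log lines: a burst of failed logins from one source within a short window raises an alert, and a successful login right after the burst is flagged as the event that most needs follow-up. The threshold, window and log format are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (sshd-style); not from any real incident.
SAMPLE_LOG = """\
2015-07-12T02:14:01 sshd[812]: Failed password for admin from 203.0.113.7 port 51022 ssh2
2015-07-12T02:14:03 sshd[812]: Failed password for admin from 203.0.113.7 port 51023 ssh2
2015-07-12T02:14:04 sshd[812]: Failed password for root from 203.0.113.7 port 51024 ssh2
2015-07-12T02:14:06 sshd[812]: Failed password for admin from 203.0.113.7 port 51025 ssh2
2015-07-12T02:14:08 sshd[812]: Failed password for backup from 203.0.113.7 port 51026 ssh2
2015-07-12T02:14:09 sshd[812]: Accepted password for admin from 203.0.113.7 port 51027 ssh2
2015-07-12T02:20:00 sshd[815]: Failed password for jdoe from 198.51.100.4 port 40001 ssh2
2015-07-12T02:25:00 sshd[816]: Accepted publickey for jdoe from 198.51.100.4 port 40002 ssh2
"""

# Assumed log format: ISO timestamp, sshd tag, result, method, user, source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source that produced >= threshold failed logins
    inside `window`, noting any user that logged in successfully right after."""
    failures = defaultdict(list)   # src -> sorted failure timestamps
    successes = defaultdict(list)  # src -> [(timestamp, user), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not login results
        ts = datetime.fromisoformat(m["ts"])
        if m["result"] == "Failed":
            failures[m["src"]].append(ts)
        else:
            successes[m["src"]].append((ts, m["user"]))
    alerts = []
    for src, times in failures.items():
        times.sort()
        # Sliding window: any `threshold` consecutive failures within `window`.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                burst_end = times[i + threshold - 1]
                followed = [u for t, u in successes[src]
                            if burst_end <= t <= burst_end + window]
                alerts.append({"src": src, "failures": len(times),
                               "success_after_burst": followed})
                break  # one alert per source is enough
    return alerts
```

Running `detect_bruteforce(SAMPLE_LOG)` on the constructed lines yields a single alert for 203.0.113.7 with a successful login by "admin" following the burst, while the lone failure from 198.51.100.4 stays below the threshold.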