The latest breach at Scottrade makes one thing abundantly clear – cyber criminals have become more sophisticated and increasingly dangerous. With so many cyber security failures, it would be easy to assume that security appliances aren’t effective enough to protect businesses—but it’s more complicated than that. While cyber security technology is getting better at defending against simple attacks, it’s time for companies to start addressing a far more sinister situation – advanced persistent threats (APTs).
APTs can be a real threat and in this blog we identify what to do when your company is under attack and how to protect your network from APT attacks.
Understanding what APTs look like is essential to creating a solid cyber security structure. There are plenty of examples of APT attacks in the news, but it can be tough to glean all the details from a company focused on maintaining its image in the public eye. Luckily, USA Network’s latest hit show, Mr. Robot, provides an archetype for APT attacks that is uncharacteristically accurate for television and film.
Let’s dive into the world of Mr. Robot and see how it provides a spot-on example of APTs. Be careful, though—there will be spoilers.
APTs are Just as Much About Psychology as They Are About Technology
In the show, main character Elliot Anderson (Rami Malek) is rushed to the cyber security firm he works at in the middle of the night to quell a DDoS attack against the conglomerate, Evil Corp. Elliot is intrigued by the intricate R U Dead Yet (RUDY) attack for it’s ability to slowly overwhelm the Evil Corp network, but he is able to hunt down the CS30 server exploit fairly efficiently.
The DDoS attack in and of itself would be a simple cyber attack—albeit a dangerous and costly one for any organization. Mr. Robot takes the RUDY attack a step further and moves it in the realm of APTs.
When Elliot finds the .dat file from cyber criminal group FSociety, he uncovers a note that says “Don’t delete me.” Elliot is too curious to let the threat go and leaves the rootkit in place as a backdoor for the attackers to return. This is the crux of an APT—distract the business with an immediate cyber threat and leave a backdoor behind for even greater exploits later on. And FSociety’s intentions are clear as evidenced in this eerie clip:
There’s a cloud of mystery regarding how the rootkit made it into the server, but whether it was a phishing attack, spear-phishing, Trojan malware or an inside threat, the human component is the base threat that companies need to look out for.
As Elliot puts it, “People always make the best exploits. I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like a neon sign screwed into their heads.”
The Attacker is In the System—Now What?
Companies must understand the steps attackers take to carry out an APT. While Mr. Robot provides a good example, Daemon Behr provides a simplified account of what happens when a cyber criminal launches an APT attack:
- Initial Recon
- The initial compromise
- Establishing a foothold with malware and remote administration tools (RATs)
- Escalating privileges with ARP spoofing, packet analysis and more
- Internal recon
- Moving laterally through the network
- Capitalizing on the attack
In a sophisticated attack, there are many steps that cyber criminals must take to reach their end goal—all of which give you an opportunity to thwart their attempts. While cyber criminals are more sophisticated than ever, there are still opportunities to improve your defenses.
Visibility is Key to Cyber Defense
You can train employees all you want, but cyber criminals are pioneering social engineering tactics to compromise the human component of cyber security—there’s no way around it. Ensuring total network visibility is the first step in a tight cyber security strategy because it will give you the insight you need to spot APTs before they can reach their end goal.
Network TAPs are the only way to ensure 100% network traffic visibility. Because they are purpose-built boxes, network TAPs cannot be attacked themselves, giving you a reliable way to keep an eye out for APTs.
Did you watch Mr. Robot through its first season? Let us know what you found to be eye-opening from a cyber security standpoint on our Twitter or Facebook pages.
Want to learn more about the imapct of cyber attacks and data breaches? Click below to download your complimentary copy of The State of Security Infographic.
