The first of these relies on stealthy tactics, tools and techniques that avoid detection by antimalware software. The second goal is to create a backdoor that gives the attackers persistent access to the compromised system even if the original entry point is discovered or patched. The third goal is to carry out the primary mission of the attackers, which may be to steal sensitive information, monitor communications or simply disrupt operations. The last goal is to leave the compromised computer without being detected (McAfee, 2010).
Effect of APTs on National Security
Advanced persistent threats are designed to steal sensitive information while stealthily, innovatively and tactically evading detection by common antimalware software. They are usually planned as large-scale, targeted campaigns whose main objective is to steal intellectual property from the compromised computers. There have been reported cases in which organizations lost millions, and even billions, of dollars' worth of research information. In some cases organizations have been driven into bankruptcy because, once competitors had stolen their intellectual property, they could no longer compete on cost.
In 1990, Ellery Systems of Boulder, Colorado suffered a huge blow when one of its employees sent sensitive information to one of the company's largest competitors, Beijing Machinery in China. This led to Ellery Systems going bankrupt and was partly responsible for the creation of the Economic Espionage Act of 1996. Another case is that of DuPont, where in 2005 an employee, Gary Min, stole about 400 million dollars' worth of intellectual property in order to hand it to a competitor, Victrex. A few years later, another DuPont employee stole intellectual property relating to a new paper-thin display the company had developed and gave it to his alma mater, Peking University in Beijing. The value that insiders placed on this kind of intellectual property is the same value that cybercriminals place on it when they mount an APT for the same purpose (McAfee, 2010).
The instances described above show that advanced persistent threats can be a national security issue. Such attacks can have a huge impact on the revenue, brand and stakeholder confidence of a targeted organization, including a government venture or ministry, and can also lead to lawsuits and regulatory penalties from trade partners and international institutions such as the International Monetary Fund and the World Bank.
APT attacks can also be aimed at a critical point of the economy such as the electrical grid. With almost everything now computerized and dependent on electricity, an attack on the grid could affect a whole city or region. Imagine a situation in which an attack is conducted on a country's electrical grid. When the power goes off, many other activities stop with it. For example, the safety systems of nuclear reactors run on electricity, so these would be affected too. Supplies to ATMs, gas stations, grocery stores and other premises would run out because there would be no way of tracking which stocks need replenishing. Hospitals would also suffer greatly, since they could not keep up emergency services such as the intensive care unit (ICU). These anticipated effects of an attack on the national electrical grid are just one example of the national risk an APT poses (McAfee, 2010).
Combating the advanced persistent threat
Mitigation of APTs is a difficult process. The APT itself is designed to be stealthy and to move from a compromised system to other, uncompromised parts of the network without generating network or internet traffic that antimalware software would easily pick up. It is built to evade antimalware software at every stage: entry into the system, gathering of information and exit. This is what makes APT mitigation difficult.
However, with careful monitoring of systems and computers it is possible to mitigate APTs. Doing so involves more than antimalware software or data loss prevention. It is therefore not sufficient for a company to spend heavily on firewalls, monitoring and antimalware software or other similar tools, since skilled attackers can still maneuver around these measures with ease. Although these tools are an essential first step in the prevention of APTs, they are not complete solutions (Andress, 2011).
All the security in the world can be in place, but if these tools are not actually monitored, they may as well be disposed of to save on the utilities. Attackers count on these tools being simply plugged in and ignored, or not even being capable of detecting the social engineering or zero-day attacks they are using (Andress, 2011).
The most reliable defense against an APT is regular logging and monitoring of all system activity, so that illegitimate access can be detected no matter how stealthily it is hidden. Logging also makes it possible to develop a baseline of normal network and host activity, which is critical to detecting an APT: the baseline becomes the reference value against which the monitoring team can recognize even a slight spike in usage. It is also important to test the system regularly to check that the defensive measures work as intended and that logging and monitoring are functioning effectively. Keeping up with security news matters as well, since it tells the monitoring team about changes in a fast-evolving field (Andress, 2011).
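The following Python is an added example, not code from the original essay or from the Andress or McAfee sources. It shows what "develop a baseline and watch for deviations" looks like in practice: a per-host baseline of daily outbound volume, known destinations and active hours is learned from an observation window of constructed connection-log lines, and later days are scored against it. The host name, IP addresses, byte counts and dates are all made up for illustration, and the three checks (new destination, off-hours activity, volume z-score) are simplifications of what a production monitoring pipeline would compute.

```python
"""Baseline-and-deviation detection over per-host outbound traffic logs."""
import statistics
from collections import defaultdict

# Constructed sample log lines (not from the original page), one outbound
# connection per line: "<ISO timestamp> <host> <destination IP> <bytes sent>".
# Days 1-4 are routine daytime traffic; day 5 adds a night-time bulk transfer
# to a never-before-seen destination, the shape of an APT exfiltration.
SAMPLE_LOG = """\
2011-06-01T09:12:00 ws-17 198.51.100.20 120000
2011-06-01T11:40:00 ws-17 198.51.100.20 95000
2011-06-02T09:05:00 ws-17 198.51.100.20 110000
2011-06-02T14:22:00 ws-17 198.51.100.21 130000
2011-06-03T10:01:00 ws-17 198.51.100.20 100000
2011-06-03T16:30:00 ws-17 198.51.100.21 115000
2011-06-04T08:50:00 ws-17 198.51.100.20 125000
2011-06-04T13:15:00 ws-17 198.51.100.20 105000
2011-06-05T02:13:00 ws-17 203.0.113.9 4800000
2011-06-05T02:47:00 ws-17 203.0.113.9 5100000
2011-06-05T09:30:00 ws-17 198.51.100.20 118000
malformed line that the parser must skip
"""

# Observation window used to learn "normal"; later days are scored against it.
BASELINE_DAYS = {"2011-06-01", "2011-06-02", "2011-06-03", "2011-06-04"}


def parse_log(text):
    """Parse log text into records; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, dest, nbytes = parts
        try:
            records.append({"day": ts[:10], "hour": int(ts[11:13]),
                            "host": host, "dest": dest, "bytes": int(nbytes)})
        except ValueError:
            continue
    return records


def build_baseline(records, baseline_days):
    """Per host: mean and sample stdev of daily outbound bytes, plus the
    destinations and hours of day seen during the baseline window."""
    daily = defaultdict(lambda: defaultdict(int))  # host -> day -> bytes
    dests, hours = defaultdict(set), defaultdict(set)
    for r in records:
        if r["day"] in baseline_days:
            daily[r["host"]][r["day"]] += r["bytes"]
            dests[r["host"]].add(r["dest"])
            hours[r["host"]].add(r["hour"])
    baseline = {}
    for host, per_day in daily.items():
        totals = list(per_day.values())
        baseline[host] = {
            "mean": statistics.mean(totals),
            "stdev": statistics.stdev(totals) if len(totals) > 1 else 0.0,
            "dests": dests[host], "hours": hours[host]}
    return baseline


def detect_anomalies(records, baseline, baseline_days, z_threshold=3.0):
    """Score days after the baseline window. Returns (host, day, kind, detail)
    tuples for a destination never seen in the baseline, activity at an hour
    never seen in the baseline, and daily volume more than z_threshold
    standard deviations above the host's baseline mean."""
    findings, daily = [], defaultdict(lambda: defaultdict(int))
    for r in records:
        host = r["host"]
        if r["day"] in baseline_days or host not in baseline:
            continue  # a host with no baseline cannot be scored this way
        b = baseline[host]
        daily[host][r["day"]] += r["bytes"]
        if r["dest"] not in b["dests"]:
            findings.append((host, r["day"], "new_destination", r["dest"]))
        if r["hour"] not in b["hours"]:
            findings.append((host, r["day"], "off_hours", "%02d:00" % r["hour"]))
    for host, per_day in daily.items():
        b = baseline[host]
        for day, total in per_day.items():
            if b["stdev"] > 0:
                z = (total - b["mean"]) / b["stdev"]
            else:  # flat baseline: any increase at all counts as a deviation
                z = float("inf") if total > b["mean"] else 0.0
            if z > z_threshold:
                findings.append((host, day, "volume", "%d bytes, z=%.1f" % (total, z)))
    return list(dict.fromkeys(findings))  # drop exact duplicates, keep order


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    base = build_baseline(recs, BASELINE_DAYS)
    for host, day, kind, detail in detect_anomalies(recs, base, BASELINE_DAYS):
        print(day, host, kind, detail)
```

Run as a script it reports three findings for ws-17 on 2011-06-05: a new destination (203.0.113.9), activity at 02:00 outside the host's baseline hours, and a daily volume far above the baseline mean. The point of the design is that none of the three checks depends on a malware signature: each compares observed behaviour against what the same host did before, which is exactly what a stealthy, signature-evading intrusion cannot avoid changing. A four-day baseline is of course far too short for production use; it is kept small here so the arithmetic can be followed by hand.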
Advanced persistent threats have three defining components: they are advanced, they are persistent, and they pose a threat. These components distinguish APTs from less sophisticated attacks. Because they are carried out over a long period of time, they are carefully designed to hide from common antimalware software, which is why the mitigation of APTs is so difficult. The cost of an APT attack can run into the billions and poses a national security problem, which is why every available measure should be taken to mitigate the risk as early as possible.
References
Andress, J. (2011). Attacker sophistication continues to grow? ISSA Journal, June 2011, 18-25.
Knapp, E. D. (2011). Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems. Amsterdam: Elsevier Science.
McAfee. (2010). Advanced Persistent Threats. Santa Clara, CA: McAfee.