Excerpt from Research Paper:
They include the use of stealthy tactics, tools and techniques in order to avoid detection by antimalware software. The second goal is to create a backdoor that allows the attackers to retain access to the compromised software, especially if other access points are discovered or patched. The third goal is to initiate the primary mission of the attackers, which may be to steal sensitive information, monitor communications or simply disrupt operations. The last goal is to leave the compromised computer without being detected (McAfee, 2010).
Effect of APT on the National Security
Advanced persistent threats are designed to steal sensitive information by stealthily, innovatively and tactically evading detection by common antimalware software. Advanced persistent attacks are usually large-scale, targeted attacks. The main goal or objective of the attack is to steal intellectual property from the compromised computers. There have been cases reported where organizations have lost millions and even billions in terms of information from research. In some cases, certain organizations have even been bankrupted because they were unable to compete in a cost-effective manner with their competitors after these malicious competitors had stolen their intellectual property.
In the year 1990, Ellery Systems, located in Boulder, Colorado, suffered a huge blow when one of the company's employees sent sensitive information to one of the company's largest competitors, Beijing Machinery, located in China. This led to Ellery Systems going bankrupt and was also partially responsible for the creation of the Economic Espionage Act of 1996. Another case is the DuPont case, where Gary Min, one of the company's employees, stole about 400 million dollars in intellectual property and sold it to an Asian competitor called Victrex in the year 2005. Just a few years after this incident, another DuPont employee stole intellectual property relating to a new monitor as thin as paper that the company had devised and gave it to his alma mater, Peking University in Beijing. The same value that is placed on this kind of intellectual property in theft cases can be placed on it by cybercriminals who institute APTs for this reason (McAfee, 2010).
These instances described above show that advanced persistent threats can be a national security issue. These kinds of attacks can have a huge impact on the revenue, branding and shareholder faith in a particular government venture or ministry and this can also lead to lawsuits and regulatory penalties from trade partners and other larger regulatory institutions such as the International Monetary Fund and the World Bank.
APT attacks can also be used to attack a critical point of the global economy such as the electrical grid. With the world currently becoming computerized and almost everything being controlled by computers and electricity, an attack on the electrical grid system could have a huge impact on a whole city. Imagine a situation whereby an attack is conducted on the country's electrical grid. When the power goes off, many other activities will stop. For example, the safety systems of nuclear plant reactors run on electricity, so these will shut down too. Supplies to ATMs, gas stations, grocery stores and other premises will also be depleted, since there will be no way of tracking the stocks that need replenishing. Hospitals will also suffer greatly, since they will not be able to keep up with emergency services such as the intensive care unit (ICU). These anticipated harmful effects of an attack on the national electrical grid system are but one example of the national risk of an APT (McAfee, 2010).
Combating the advanced persistent threat
Mitigation of APTs is quite a difficult process. This is because the APT itself is usually designed to be stealthy and to move from the compromised system to another part of the system that is not compromised without generating any network or internet traffic that would be easily picked up by antimalware software. The APT is usually designed to evade antimalware software and to beat this software in terms of entry into the system, gathering of information and exit. This is what makes APT mitigation difficult.
However, with careful monitoring of systems and computers, it is possible to mitigate APTs. Mitigation involves more than just antimalware software or data loss prevention. Therefore, it is not sufficient for a company simply to spend a lot on firewalls, monitoring and antimalware software or other similar tools. Skilled attackers can still maneuver their way around these security measures with ease. Although these tools are an essential first step in the prevention of APTs, they are not complete solutions (Andress, 2011).
All the security in the world can be in place, but if these tools are not actually monitored, they may as well be disposed of to save on the utilities. Attackers count on these tools being simply plugged in and ignored, or not even being capable of detecting the social engineering or zero-day attacks they are using (Andress, 2011).
The only way to defend against an APT is through regular logging and monitoring of all system activities, in order to be able to detect illegal accesses no matter how stealthily they may be hidden. This also helps to develop a baseline for normal network and host activities, which is critical in the detection of an APT attack. This baseline also helps in the monitoring process, since it becomes a reference value that lets the monitoring team notice even a slight spike in usage. Another important step is to test the system regularly to check that defense measures are working as desired and that the system is logging and monitoring itself effectively. Keeping in touch with the news is also important, since it helps the monitoring team learn of changes happening in the fast-evolving computer world (Andress, 2011).
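The baselining idea in the paragraph above, carried through in code as an added illustration (this is not code from the cited sources or from the essay): a few days of constructed proxy log lines establish, per host, the typical daily outbound volume and the set of destinations normally contacted; a later day is then checked for a volume spike beyond mean plus k standard deviations and for destinations never seen in the baseline. The log format, host names, destinations and byte counts are all constructed for the example.

```python
"""Baseline-and-deviation check over constructed proxy log lines."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample lines, format: "<day> <host> <destination> <bytes_out>".
# Days d1-d5 form the baseline period; d6 is the period under review.
BASELINE_LOG = """\
d1 ws-07 mail.example.internal 120000
d1 ws-07 update.example.internal 80000
d2 ws-07 mail.example.internal 110000
d2 ws-07 update.example.internal 90000
d3 ws-07 mail.example.internal 130000
d3 ws-07 update.example.internal 70000
d4 ws-07 mail.example.internal 125000
d4 ws-07 update.example.internal 85000
d5 ws-07 mail.example.internal 115000
d5 ws-07 update.example.internal 75000
d1 ws-12 mail.example.internal 50000
d2 ws-12 mail.example.internal 55000
d3 ws-12 mail.example.internal 45000
d4 ws-12 mail.example.internal 52000
d5 ws-12 mail.example.internal 48000
"""

# Constructed review period: ws-07 sends a large volume to a host it has
# never contacted before, ws-12 behaves as usual.
REVIEW_LOG = """\
d6 ws-07 mail.example.internal 118000
d6 ws-07 update.example.internal 82000
d6 ws-07 unknown-host.example.invalid 950000
d6 ws-12 mail.example.internal 51000
"""


def parse(log_text):
    """Turn the constructed log format into (day, host, dest, bytes_out) tuples."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        day, host, dest, nbytes = line.split()
        records.append((day, host, dest, int(nbytes)))
    return records


def build_baseline(records):
    """Per host: mean and population stdev of daily outbound bytes, plus known destinations."""
    daily = defaultdict(lambda: defaultdict(int))   # host -> day -> bytes
    dests = defaultdict(set)                         # host -> destinations seen
    for day, host, dest, nbytes in records:
        daily[host][day] += nbytes
        dests[host].add(dest)
    baseline = {}
    for host, per_day in daily.items():
        totals = list(per_day.values())
        baseline[host] = {"mean": mean(totals), "stdev": pstdev(totals), "dests": dests[host]}
    return baseline


def threshold_for(baseline, host, k=3.0):
    """Daily byte count above which a host's outbound volume counts as a spike."""
    b = baseline[host]
    return b["mean"] + k * b["stdev"]


def review(records, baseline, k=3.0):
    """Return (host, day, reason) findings: unknown hosts, new destinations, volume spikes."""
    findings = []
    seen_unknown_hosts = set()
    daily = defaultdict(lambda: defaultdict(int))
    for day, host, dest, nbytes in records:
        daily[host][day] += nbytes
        if host not in baseline:
            if host not in seen_unknown_hosts:
                seen_unknown_hosts.add(host)
                findings.append((host, day, "host absent from baseline"))
        elif dest not in baseline[host]["dests"]:
            findings.append((host, day, f"new destination {dest}"))
    for host, per_day in daily.items():
        if host not in baseline:
            continue
        limit = threshold_for(baseline, host, k)
        for day, total in per_day.items():
            if total > limit:
                findings.append((host, day, f"outbound {total} exceeds threshold {limit:.0f}"))
    return findings


if __name__ == "__main__":
    base = build_baseline(parse(BASELINE_LOG))
    for finding in review(parse(REVIEW_LOG), base):
        print(finding)
```

With these constructed inputs, ws-07's baseline mean is 200,000 bytes per day with a small spread, so day d6 is flagged twice: once for the never-seen destination and once because 1,150,000 bytes exceeds the threshold of roughly 219,000. ws-12 produces no finding. Two design points matter in practice: the baseline needs enough days that the standard deviation is meaningful (a host with one baseline day has a stdev of zero and will flag on any increase), and the multiplier k trades false positives against sensitivity, which is exactly the tuning the monitoring team does against its own reference values.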
Advanced persistent threats have three important components: they are advanced, they are persistent and they pose a threat. These components help to differentiate APTs from less advanced attacks. Since they are carried out over a long period of time, they are usually carefully designed to hide stealthily from common antimalware software. Therefore, the mitigation of APTs is quite a difficult process. The effects of an APT attack can run into the billions, and this poses a national security problem; this is why all measures should be taken to mitigate the risk as early as possible.
Andress, J. (2011). Attacker sophistication continues to grow? ISSA Journal, June 2011, 18-25.
Knapp, E.D. (2011). Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems. Amsterdam: Elsevier Science.
McAfee. (2010). Advanced Persistent Threats. Santa Clara, CA: McAfee.
Surhone, L.M., Tennoe, M.T., & Henssonow, S.F. (2010). Advanced Persistent Threat. Saarbrucken: VDM Verlag.
"Persistent Threat Information Security Advanced Persistent" (2012, March 10) Retrieved October 24, 2016, from http://www.paperdue.com/essay/persistent-threat-information-security-advanced-54915