IDG News Service - When Google admitted last year that it had been targeted by sophisticated hackers, possibly from China, it introduced a new term into the high technology lexicon -- the advanced persistent threat. These attacks are sophisticated, targeted, and almost impossible to stop. But according to Verizon, they're also a lot less common than most people think.
In fact, nowadays it's easier for some companies to say they were the victims of an advanced persistent threat (APT) attacks than to admit that their security systems failed, said Bryan Sartin, Verizon's director of investigative response. "It's out there," he said of the APT. "It's just so extremely overhyped."
Sartin, whose team gets called in to find the cause of data breaches, says that he's seen a tendency to label any hacking incident an APT attack play out several times since Google went public with the issue in January last year. Usually it happens about a month or two after his team finishes its analysis. "I get a link sent to me from one of my investigators saying, 'You're not going to believe this.' I open the link and get a statement from the company blaming advanced persistent threat."
Advanced persistent threat attacks are supposed to be sophisticated and highly targeted data exfiltration exercises conducted by spies or agents working on behalf of nation states.
Blaming APT has "become the perfect excuse" for companies recovering from a data breach, Sartin said. "It's almost as if it's become chic in the U.S. to blame it [on APT]," he said.
Part of the problem is confusion over China, the country most commonly associated with APT attacks. China is the source for most online attacks these days, no matter what the motivation. The country has more than 400 million Internet users, and many of them are using computers that don't have up-to-date patches or security software. Those PCs often get hacked and then used as stepping-stones for further attacks.
"China is like the wild west of source IP addresses that can be taken over to stage attacks, " Sartin said. So when attacks happen, "everybody looks at it and says, 'Oh that's the Chinese government.'"
That's a mistake, Sartin said. In fact, the majority of attacks -- 78 percent of all incidents -- result in stolen bank card data. That's not something that APT data-stealers are looking for. Data that's important to national security -- a prime target in the real APT incidents -- is stolen just 3 percent of the time, he said.
Working with the U.S. Secret Service and the Dutch National High Tech Crime Unit, Verizon was able to analyze 760 data breaches that occurred in 2010. Verizon is publishing its Data Breach Investigations Report detailing these findings on Tuesday.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Is SQL Server AlwaysOn really as powerful? Tips and Tricks from the field With the introduction of AlwaysOn, Windows Clustering Services is now more critical than ever. All Cybercrime and Hacking White Papers | Webcasts