Advanced Persistent Threats (APT) represent a risk to organizations, but they can not be deal with the same tools as generic malware. The main difference lies in the financial support they have (for example, governments or organized crime)
Among the activities of the APT, one could highlight both espionage that provides strategic and political advantage between different states with cyber-offensive capabilities, and the economic retribution that they can obtain from the attacks.
The study of APT seeks to understand the groups in order to understand what their objectives are, what information they handle, their operations, their tactics and procedures… In short, the intelligence extracted from this study allows security teams to anticipate their campaigns.
But how do you know if your company is a target of any of these groups?
From Lab52, we launched a web portal where you can model your company to cross with our database of attacks, updated in real time, and check which APT groups might have an interest in your company and to what degree.
In this way, you can draw up an effective defence plan that has to answer the question of “Where do I start?”
Let’s look at an example.
Let’s assume that our organization is part of the government of Spain.
By modeling our company, we would come up with a series of results which show that there are multiple APT groups that might be interested in attacking us.
But, as we have said, we have to focus our defense strategy. This is where Lab52’s scoring system comes in.
There are four levels of criticality, taking into account the characteristics of your organization and the information associated with the different groups. From this, the following levels are obtained to assess the risk of your organization being a target for that APT group:
–Red: there is a very high risk. They have previously targeted organizations in that sector and in that country.
–Orange: there is a high risk. They have previously attacked organization in that sector or in that country.
–Yellow: there is a medium risk. They have carried out attacks towards countries with strong relations with those of that country, or shares strong links with the indicated sectors.
–Green: there is a moderate risk. It has carried out attacks towards countries with some relations with those of that country, or shares some links with the indicated sectors.
In this way, it is possible to establish which are the main groups on which defence efforts should be focused, in addition to being able to download the commitment indicators associated with that group. All this is free of charge.
However, it could be argued that only large companies are targeted by the more sophisticated APT groups.
Let us now assume that our company is located in Bulgaria and is engaged in the consulting sector.
In this case, the level of risk for APTs does not seem to be high.
However, let us now assume that the companies to which the consultancy services are provided are located in France and are engaged in the banking sector.
In this case, it can be seen how the risk of being attacked by a particular APT increases.
This is just one example of many: companies that are involved in transport, but transport military equipment; companies that are involved in software, but are subcontracted by governments; academic companies, but work with the aerospace sector.
They all share the same idea: we may not initially consider that our company can be targeted by an APT group, but who we work with greatly influences our value.
Multiple incidents occur where a company has multiple security measures in place, but is nevertheless more “open” in communicating with one of its suppliers, which can be an interesting backdoor for groups whose sole objective is to gain access to the most confidential information.
Finally, it is worth noting the fact that the geopolitical context changes every day, you may not be objective today but you will be tomorrow.
To be aware of the new APT groups and their campaigns, we recommend you to subscribe to our feed, which will keep you updated on new IOCs that may compromise you, or new groups that may affect your company.
Leave a Reply