The FBI has finally acknowledged that foreign hackers, possibly state-sponsored groups, have been infiltrating the networks of a number of US agencies and private business conglomerates since 2011.
The FBI has not yet revealed the origin or motives of these hacking groups, but it has confirmed the intrusions, describing the attackers as “these groups of malicious cyber actors who have compromised and stolen sensitive information.”
Based on a list of web domains the attackers used to host their malware and command-and-control (C&C) servers, some IT experts and the FBI have concluded that this may be the work of a cyber-espionage group known by the code name APT6.
APT stands for Advanced Persistent Threat, a term popular in the information security industry for threat actors who pursue specific goals against a narrow set of deliberately chosen targets. Most APT groups are state-sponsored and attack only targets that serve the interests of the state financing them.
John Peterson, vice-president of Enterprise Products at the cybersecurity company Comodo, said, “A variety of methods are used in successful APT attacks – including the use of externally available, public information tools and resources on social media, traditional media and other resources where the organization may be advertising for IT staff – thereby disclosing the hardware and software skills being sought after.”
Talking about the lethality of APTs, he added, “By being patient, the hackers can gradually work their way into higher value segments of the network where important data resides. APTs do not look for a home run at the outset. The main objective is to gain access into low priority areas the company fails to protect adequately – typically a user’s endpoint.”
Mr. Peterson also added, “The organization’s business partners, suppliers and customers will also typically be thoroughly researched and noted. An APT is not a one-shot attempt.”
Mr. Peterson also offered the following advice for a company that wants to strengthen its security against APTs and state-level threats:
○ Use the latest, updated antivirus, application whitelisting, firewalls, and modern sandboxing and containerization technologies; keep your software up to date through patching
○ Have an advanced endpoint protection system, secure your web gateway, and have a breach and threat detection system in place, giving a layered and integrated approach to security
○ Conduct penetration testing at regular intervals; install intrusion detection and intrusion prevention systems over and above standard firewalls. Regularly audit SIEM and firewall logs for anomalies
○ Train and educate users, and most importantly your employees, on security protocols; keep BYOD and VPN policies in place; have acceptable use policies backed and certified by C-level execs. Visibly enforce these policies across your network and ensure that user training does not fall behind the latest threats
○ Ensure the principle of least privilege – e.g., make sure that domain administrators are not using domain administrator credentials for basic break-fix work, and that custom software is never run as SYSTEM; it should, at least, have its own dedicated account with distinct, limited privileges.
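Two of the points above, auditing SIEM logs for anomalies and keeping domain administrator credentials off ordinary break-fix machines, meet in one concrete detection: a domain admin logging on interactively (or over RDP) to a workstation or member server leaves reusable credential material on a low-tier host, which is exactly the foothold a patient APT waits for. The Python below is an added example, not code from the article or from Comodo; the account list, host inventory and the Windows Security 4624 log lines are constructed sample data, and the key=value export format is an assumption about how a SIEM might hand the events over.

```python
import re
from typing import Dict, Iterable, List

# --- Constructed reference data (assumptions for this example, not from the article) ---

# Privileged accounts as DOMAIN\user. In practice export this from Active Directory.
DOMAIN_ADMINS = {"CORP\\da.jsmith", "CORP\\da.backup"}

# Asset inventory: hostname -> tier. A domain controller is the only place a
# domain admin credential should be typed in; anything else is a finding.
HOST_ROLES = {
    "DC01": "domain-controller",
    "FS01": "member-server",
    "WS-1042": "workstation",
    "WS-2211": "workstation",
}

# 4624 logon types that leave reusable credential material on the target host:
# 2 interactive, 7 unlock, 10 RemoteInteractive (RDP), 11 cached interactive.
# Type 3 (network) does not, so a domain admin reading a share over SMB is not flagged.
CREDENTIAL_EXPOSING_LOGON_TYPES = {"2", "7", "10", "11"}

# Constructed log lines shaped like Windows Security events as a SIEM might export
# them (key=value). Sample data only, not a real capture.
SAMPLE_EVENTS = [
    "2016-04-07T08:55:12Z host=DC01 EventID=4624 LogonType=2 TargetDomainName=CORP TargetUserName=da.jsmith IpAddress=-",
    "2016-04-07T09:02:41Z host=FS01 EventID=4624 LogonType=3 TargetDomainName=CORP TargetUserName=da.backup IpAddress=10.20.0.5",
    "2016-04-07T09:12:03Z host=WS-1042 EventID=4624 LogonType=10 TargetDomainName=CORP TargetUserName=da.jsmith IpAddress=10.20.5.17",
    "2016-04-07T09:13:30Z host=WS-2211 EventID=4624 LogonType=2 TargetDomainName=CORP TargetUserName=alice IpAddress=-",
    "2016-04-07T09:20:18Z host=WS-2211 EventID=4625 LogonType=2 TargetDomainName=CORP TargetUserName=da.jsmith IpAddress=-",
    "2016-04-07T09:31:55Z host=FS01 EventID=4624 LogonType=2 TargetDomainName=CORP TargetUserName=da.backup IpAddress=-",
    "2016-04-07T09:40:07Z host=LAPTOP-77 EventID=4624 LogonType=11 TargetDomainName=CORP TargetUserName=da.jsmith IpAddress=-",
]

_KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Split a key=value SIEM line into a dict; the leading timestamp is kept under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(_KV.findall(rest))
    fields["ts"] = ts
    return fields


def find_privileged_logon_anomalies(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return every successful, credential-exposing logon by a domain admin to a host
    that is not a domain controller. Hosts missing from the inventory are reported
    with role 'unknown' rather than silently skipped."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "4624":
            continue  # only successful logons; 4625 failures are a separate hunt
        if ev.get("LogonType") not in CREDENTIAL_EXPOSING_LOGON_TYPES:
            continue
        account = f"{ev.get('TargetDomainName', '')}\\{ev.get('TargetUserName', '')}"
        if account not in DOMAIN_ADMINS:
            continue
        host = ev.get("host", "")
        role = HOST_ROLES.get(host, "unknown")
        if role == "domain-controller":
            continue
        findings.append({
            "ts": ev["ts"],
            "host": host,
            "role": role,
            "account": account,
            "logon_type": ev["LogonType"],
        })
    return findings


if __name__ == "__main__":
    for f in find_privileged_logon_anomalies(SAMPLE_EVENTS):
        print(f"{f['ts']} {f['account']} logon type {f['logon_type']} on {f['host']} ({f['role']})")
```

Run against the sample, the check reports three events: the RDP logon to WS-1042, the interactive logon to the file server FS01, and a cached logon on LAPTOP-77, a host the inventory has never heard of. The network logon to FS01 and the console logon on DC01 are correctly ignored, as is the failed 4625. In a real deployment the account and host lists come from AD and the CMDB, and a hit should page someone rather than print.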
Stay safe and stay tuned. Adios.