What Are APT Attacks?

APT Attacks: Planned & Directed Cyberattacks

APT stands for Advanced Persistent Threat. APT attacks got their name because the attacks are advanced, with highly skilled cybercriminals using cutting-edge technology and techniques combined with various cyberattacks such as phishing and malware. The attack is carried out over a long period of time, making it persistent, and it is conducted by humans with ill intentions, making it a threat.

Successful attacks lead to intellectual property theft, compromised sensitive information, sabotage of critical organizational infrastructure, and/or total site takeovers. Common methods cybercriminals use to enter a network are remote file inclusion (RFI), SQL injection, and cross-site scripting (XSS). Trojans and backdoor shells are often used to increase the cybercriminals’ presence on a network (Note 1). Malware is also commonly installed to exploit network vulnerabilities or to gather valuable data.

APT Attacks That You Might Have Heard In The News This Last Year Include:

Protect Your Network From APTs

APTs are intricate, with multiple aspects woven together for a single purpose. Your network security should be the same. A single security solution is not capable of fully protecting your business. You need a combination of security solutions working together to protect your business. We recommend using the following practices (Note 2):

  1. Install a firewall – sets a baseline defense for your business.
  2. Enable a web application firewall – detects and blocks attacks against web applications by inspecting HTTP traffic.
  3. Install Antivirus – detects and blocks viruses, malware, trojans, and other cyber threats.
  4. Implement Intrusion Prevention Systems (IPS) – use an IT security service to monitor your network for strange and malicious activity.
  5. Create a Sandboxing Environment – create a secure, virtual environment that enables you to test untrusted programs and code without any risk to your network.
  6. Install a VPN (virtual private network) – provides an encrypted ‘tunnel’ to your network for your employees to use that is not accessible to the public and cybercriminals.
  7. Enable Email Protection – email is the most common and most effective attack vector. Protect your emails with spam filtering, malware detection, and employee education.
  8. Have Data Backup & Recovery – in the event of a breach, human error, or an act of God, protect your business from losing data with a backup and recovery solution in place.

RDI has multiple network security services to help better protect your network from cyber threats such as APTs. We can help you with all of the security practices listed above and more. Contact us for more information on any of our network security services.

Note 1 – Comparitech, Jul. 2020. What is an advanced persistent threat (APT), with examples.
Note 2 – Solid State Systems LLC, 2021. Advanced Persistent Threat Protection: 7 Ways to Prevent APT Attacks.

Strategically Improve Your Network Security: RDI Assessments

Don't guess how to improve your network security. Get an RDI Network Assessment to identify your network's strengths and weaknesses so you KNOW what to focus on.
