InformationWeek Reports (reports.informationweek.com)
Advanced Persistent Threats: The New Reality
By Michael Cobb
Report ID: S6920513, May 2013, $99
© 2013 InformationWeek, Reproduction Prohibited

For most organizations, the imminent danger that advanced persistent threats pose has been relatively low. That’s changing as attackers’ target base widens, their knowledge grows and their cyber weapons trickle down to the hacker masses. In this Dark Reading report, we examine the current APT landscape and provide recommendations for protecting your organization against this growing concern.

TABLE OF CONTENTS
Author’s Bio
Executive Summary
Advanced Persistent Threats: Myth vs. Reality
Figure 1: Hidden but Not Invisible
What Is an APT?
Figure 2: APT Terminology
Who’s Behind APTs?
Figure 3: Profiling Threat Actors
An APT in Action
APT-as-a-Service
How to Fight Back
Related Reports

ABOUT US
InformationWeek Reports’ analysts arm business technology decision-makers with real-world perspective based on qualitative and quantitative research, business and technology assessment and planning tools, and adoption best practices gleaned from experience. Find all of our reports at reports.informationweek.com.

OUR STAFF
Lorna Garey, content director; Heather Vallis, managing editor, research; Elizabeth Chodak, copy chief; Tara DeFilippo, associate art director.

AUTHOR’S BIO
Michael Cobb, CISSP-ISSAP, is a renowned security author with more than 15 years of experience in the IT industry. He is the founder and managing director of Cobweb Applications, a consultancy that provides data security services. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Michael is also a Microsoft Certified Database Administrator.

EXECUTIVE SUMMARY

There’s a lot we know about advanced persistent threats, but there’s a lot we don’t know. This is due in large part to the complexity of the attacks and the stealth of the attackers. Our knowledge about APTs is growing, but, unfortunately, that’s because the attacks themselves are growing in frequency.

Criminals using APTs want data, so the more valuable an organization’s data, the more likely it is to be targeted. Government agencies and organizations in industries such as finance, energy, IT, aerospace, and chemical and pharmaceuticals are the most likely to be the victims of APT infections, as are those involved in international trade. Users and organizations with access through business relationships to valuable data, such as smaller defense contractors, are also beginning to be targeted. And the use of watering hole attacks may be heralding a change in tactic to mass infections, which are then sifted for any potentially interesting targets.

Criminals are less likely to target organizations running critical infrastructure, but attempted APT-type attacks by hacktivists and nation-states are on the increase. Any organization running industrial control systems linked to the Internet is at risk. Administrators of some systems may be unaware that their systems are connected to the Internet, while systems installed some years ago, when cybersecurity was less of an issue, may not be adequately protected from attack.

To protect your organization against APTs, it’s important to know what an APT is — and what it isn’t.
In this Dark Reading report, we examine the history of the attacks in the context of what’s happening today, analyze the ways in which the attacks are perpetrated, and provide recommendations for knowing when such an attack is an imminent threat for your organization.

Advanced Persistent Threats: Myth vs. Reality

The term advanced persistent threat, or APT, was first used by the U.S. Air Force back in 2006 to describe complex (advanced) cyber attacks against specific targets over long periods of time (persistent). APTs first really hit the headlines in 2010 when a worm called Stuxnet was found to be infecting supervisory control and data acquisition management systems produced by Siemens. Subsequent investigation revealed a cyber weapon designed to shut down Iran’s nuclear program by tampering with programmable logic controllers used in its nuclear fuel processing plant. The sheer audacity and sophistication of this attack created hysteria among security professionals and network administrators, and has led to a great deal of confusion about what APTs are and what they can do.

Research into Stuxnet and the appearance of Duqu and then Flame in 2012 have kept APTs in the spotlight. Thanks to recent analysis such as that found in information security firm Mandiant’s “APT1: Exposing One of China’s Cyber Espionage Units,” we now have a clearer idea of the DNA of an APT. In this Dark Reading report, we reconsider the scope and potential of APTs and offer some common-sense advice on how your organization can combat this threat.

Figure 1: Hidden But Not Invisible
Despite using several methods to cloak their APT operations, hackers’ activities can be analyzed and used to develop better defenses. For example, based on when the Poison Ivy servers were active, it looks like attackers’ working hours were between 2 a.m. and 10 a.m. UTC, plus one hour, from Monday to Saturday.
[Diagram of the attacker’s command-and-control infrastructure: the attacker’s computer controls the Poison Ivy RAT server using VMware remote desktop; the RAT server sits behind a proxy server, and port forwarding hides the real IP address of the RAT server from the infected target network. The RAT communicates over ports 80, 443, 3460 and 8080.]
Source: InformationWeek Reports

Figure 2: APT Terminology
Security researchers and vendors use military terms and even invented words to describe malicious cyberactivity. These definitions should help make things a little clearer.
Backdoor: Malware that allows remote administration of an infected system.
Compromised/rogue digital certificate: A digital certificate whose private key and certificate file have been illegitimately accessed and copied.
Cyber-something: Internet-related version of an existing activity or thing.
Drive-by download: Method of compromising computers by tricking the victim into unintentionally or unwittingly downloading malware when visiting a website, viewing an email message or clicking on a pop-up window.
Exploit code: Code used to enter a target system by taking advantage of one of its vulnerabilities.
Payload: Once exploit code accesses a target system, the payload is executed (usually to install a backdoor).
Sandbox: A mechanism for executing untrusted code within a tightly controlled set of resources.
Trojan: Malware hidden in a program or file that appears useful, interesting or harmless.
Vulnerability: Typically a flaw in operating system or application software, but a vulnerability can also be a lack of protection, a poor security practice or an incorrect system configuration.
Weaponized document: Document or file containing malicious code.
Zero-day exploit: Exploits that take advantage of vulnerabilities for which there are no patches available from the software vendor.
Source: InformationWeek Reports

What Is an APT?

Though the term originally referred to nation-states engaging in cyber espionage, APT techniques are also being used by cybercriminals to steal data from businesses for financial gain. What distinguishes an APT from other threats is that it is targeted, persistent, evasive and advanced.

>> Targeted: Unlike the majority of malware, which randomly infects any computer vulnerable to a given exploit, APTs target specific organizations with the purpose of stealing specific data or causing specific damage. The Conficker worm, for example, used many advanced techniques but did not target a particular organization. It infected millions of computers in more than 200 countries. In contrast, Stuxnet was designed to target a certain type, a certain brand and a certain model of control system. And the RSA SecurID attack was developed specifically to obtain SecurID information to be used in future APT attacks against defense contractors, including Lockheed Martin. The Aurora attacks against Google and Adobe targeted source code, and the Sony attack targeted personally identifiable information. These were not opportunistic attacks: They were focused campaigns taking time, patience and money to achieve very specific objectives. With that said, some attacks are targeted but not APTs. Attacks by Anonymous and LulzSec, for example, are always against a specific organization, but they make little or no effort to remain undetected, a key feature of an APT.

>> Persistent: To achieve their objective, those developing an APT must find vulnerabilities within a target’s infrastructure, evaluate the security controls protecting it, determine how to deliver the attack and exploit the vulnerability, compromise the target network, gain access to privileged hosts, find the target data and then extract it — all without being detected. This requires enormous amounts of research, and the entire process may take months or even years. F-Secure Labs estimates that it took more than 10 person-years of work to develop Stuxnet. Related attacks like Duqu and Flame might have taken even more.

>> Evasive: A key difference between most malware and an APT is its ability to persist — that is, to evade detection by network security controls while still collecting and extracting data. The ingenious methods used in the past show the in-depth knowledge of the attack developers. In many cases, developers use unknown zero-day exploits so there are no antivirus signatures available to provide protection. Members of the Elderwood gang, the hackers behind the Aurora attacks, have used eight zero-day vulnerabilities during the last three years. Flame managed to evade detection for some five years while stealing all kinds of data — even turning on victims’ computer microphones to record conversations. Data is hidden using custom encryption and within protocols that are allowed through firewall filters. Surreptitious routes are used to contact command-and-control (C&C) servers for updates and to extract information.
>> Advanced: APTs use a wide range of advanced methodologies to succeed with each phase of an attack. Stuxnet included the first-ever programmable logic controller rootkit. Flame achieved what’s believed to be the only in-the-wild cryptographic collision attack; it was used to hijack Microsoft’s Windows Update mechanism so it could spread from machine to machine — a feat that requires the expertise of world-class cryptographers. It’s also suspected that some hackers have managed to access source code for popular products from vendors such as Adobe and Microsoft, making it easier to find zero-day vulnerabilities. Not all malware used in APTs is so cutting-edge, but the way in which the malware is used is often ingenious. Further, the planning and time spent on developing attacks shows just how well-resourced and skilled the teams behind them are.

Who’s Behind APTs?

There’s always a lot of speculation and finger pointing once an APT attack is uncovered, and those accused are usually the traditional enemies of the victim. However, when it comes to determining who is responsible for a particular APT-style attack, there is usually little irrefutable and unbiased evidence available. What we do know is that APTs require a level of skill so high that only highly organized and well-funded cybercriminals and nation-states have the resources to carry them out. The conclusions as to who is responsible for an APT attack are still mainly conjecture and supposition. For example, the South Korean government can only surmise who was behind a cyber attack on its banks and broadcasters. The government claims that investigators were able to trace attacks that affected about 32,000 computers and disrupted some Internet banking services and automated teller machines to an IP address in North Korea. But IP addresses are always spoofed in an attack.

Another example showing how difficult it is to identify those behind an attack involves the work of the Winnti group. This group has been running an APT-style war against more than 30 online gaming companies around the world since 2009, although the attacks were only discovered in 2011. By stealing digital certificates signed by legitimate software vendors, the group has been able to sign malware to use in attacks. It has then stolen source code to find vulnerabilities that let the group loot in-game currencies and sell them for real money. Researchers say they have found examples of Chinese language in some of the malware and that the attacks used IP addresses based in China. However, the certificates that were stolen have been used in attacks orchestrated by other hacking groups against companies in the aerospace industry, South Korea’s largest social network and political activists. No one knows if the Winnti group sold or, because of political affiliations, freely supplied the certificates used in these attacks.

Stuxnet appeared in the Middle East, with nearly half of the proven infections being in Iran. It has been acknowledged as an American and Israeli state-sponsored creation. Because of key connections between Stuxnet and Flame, Russian security firm Kaspersky Lab says there can be little doubt that Flame is also an American and Israeli weapon. Yet, in terms of actual attribution, we still cannot be 100% sure. The culprit is often identified because we don’t know who else it could be.

The Mandiant APT1 report is probably the closest anyone’s gotten to pinpointing where some of these attacks originate. APT1 is one of more than 20 APT groups with origins in China. The group has conducted a cyber espionage campaign since at least 2006, and it’s believed to have stolen hundreds of terabytes of data from at least 141 organizations around the world. Mandiant tracked APT1 back to four large networks in Shanghai, two of which serve the Pudong New Area. This is the location of Unit 61398 of the People’s Liberation Army and is in precisely the same area from which APT1 activity appears to originate.

Figure 3: Profiling Threat Actors
According to the Verizon 2013 Data Breach Investigations Report, more than half of all external data breaches tie to organized criminal groups.

Organized Crime
  Victim industry: Finance, Retail, Food
  Region of operation: Eastern Europe, North America
  Common actions: Tampering (Physical), Brute force (Hacking), Spyware (Malware), Capture stored data (Malware), Adminware (Malware), RAM scraper (Malware)
  Targeted assets: ATM, POS controller, POS terminal, Database, Desktop
  Desired data: Payment cards, Credentials, Bank account info

State-Affiliated
  Victim industry: Manufacturing, Professional, Transportation
  Region of operation: East Asia (China)
  Common actions: Backdoor (Malware), Phishing (Social), Command/Control (C2) (Malware, Hacking), Export data (Malware), Password dumper (Malware), Downloader (Malware), Stolen creds (Hacking)
  Targeted assets: Laptop/desktop, File server, Mail server, Directory server
  Desired data: Credentials, Internal organization data, Trade secrets, System info

Activists
  Victim industry: Information, Public, Other Services
  Region of operation: Western Europe, North America
  Common actions: SQLi (Hacking), Stolen creds (Hacking), Brute force (Hacking), RFI (Hacking), Backdoor (Malware)
  Targeted assets: Web application, Database, Mail server
  Desired data: Personal info, Credentials, Internal organization data

Source: Verizon 2013 Data Breach Investigations Report
Although a lot of the evidence is very compelling, little can be confirmed as concrete fact, with most of Mandiant’s findings prefaced with “believed to be,” “appears to be” or “almost certainly.”

An APT in Action

The most common technique for introducing APT malware into a victim’s network is a spear-phishing campaign using sophisticated social engineering techniques. This is an easier and more successful approach than trying to break through network perimeter defenses. Depending on how the communication is carried out — such as via email, IM or social networking message — either a malicious file attachment or link to a malicious site is included. To increase the chances of the target clicking the malicious link or opening the attachment, attackers spend a lot of time researching the phishing target and the target system. Information is mined from a variety of sources, including corporate blogs; Google searches; phone calls; social media sites; and even the target’s friends, colleagues and followers. This research can tell attackers enough about the target’s computing environment that specific operating system and application vulnerabilities on the target’s computer can be exploited without detection by any installed security systems. Messages are often sent from webmail accounts or from spoofed email addresses, such as government email addresses. In addition, Microsoft Office documents, PDFs and Hangul files — a word processing application that supports the Korean language — are commonly used as booby-trapped attachments.

A method of infection that has emerged more recently is the use of “watering holes.” By injecting malicious code into a website targets are likely to visit, there is no need for any direct contact with the victim. It’s similar to a typical drive-by download attack, except the watering hole has been selected for the audience it attracts. For example, hackers compromised the nongovernmental organization Tibetan Homes Foundation website in an ongoing campaign to monitor Tibetan sympathizers. The attack installed a back door signed with a Winnti stolen certificate delivered via a Flash exploit.

Indeed, more and more APT attacks use stolen and compromised certificates. They can be used to sign malware so that it appears legitimate and leveraged for man-in-the-middle attacks that are undetectable by end users. Stuxnet, Duqu and Flame all used rogue certificates to evade detection. However, they were delivered not by email but by a USB drive. This may seem rather low tech compared with other methods, but it’s very effective in the face of a highly isolated network because it’s directed at the weakest link in the security chain — human behavior. An infected USB key doesn’t need to bypass network security controls, and it can pass through security doors, access secure areas and be plugged into privileged or mission-critical machines by engineers, maintenance workers and others with physical access to the network. These people may be acting either as collaborators or unwitting accomplices.

Once attackers manage to infect their victim’s machine, the process of installing a back door and the full range of attack tools and exploring the network begins. Flame spread through a network by spoofing a Windows Update server. If it infected a device running Bluetooth, the device was turned into a Bluetooth beacon so it could download data from any nearby Bluetooth-enabled device. It could also spread itself via Bluetooth, using any devices with a wireless connection to the Internet to bypass network firewalls and reach its C&C servers — a route that bypassed any security controls on the network.

While many attacks try to immediately gain control of a victim’s system, recent APTs seem to have operated far more stealthily. Research by FireEye provides great insight into the sophistication of the latest methods being used. For example, Trojan.APT.BaneChant leverages multiple advanced evasion techniques to achieve stealth and persistent infection. A spear-phishing document is used to exploit a known vulnerability and download an XOR-encoded binary. This, however, is only stage one of the malicious payload. It incorporates mouse-click detection to evade sandbox analysis. Only if it detects three or more left-mouse clicks — evidence of human interaction — will it attempt to download the stage two payload and the true malicious code. Using a legitimate URL-shortening service to defeat automated URL blacklisting, a fake JPEG file to defeat network binary extraction is downloaded and executed directly in memory. It achieves persistence by creating a shortcut in the startup folder pointing to a copy of itself masquerading as a legitimate Google Updater.

Analysis of compromised systems shows that multiple tools are often used in parallel and typically mutate to avoid detection. A popular tool is the remote administration tool called Poison Ivy, which has the following capabilities:
>> File management
>> File search
>> File transfer
>> Registry management
>> Process management
>> Services management
>> Remote shell
>> Screen shot creation
>> Hash stealing
>> Audio capture

Two Luxembourg-based security organizations — Malware.lu CERT and iTrust Consulting — studied how APTs covered in the Mandiant APT1 report use a Poison Ivy server hidden behind a proxy server using port forwarding to hide the real IP of the attacker’s computer (see Figure 1).
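The working-hours inference shown in Figure 1 can be reproduced by a defender from the timestamps of C&C server activity seen in their own logs. The Python below is an added example, not code from the report or from Malware.lu/iTrust: the check-in timestamps are constructed, and the 25% activity threshold and the UTC+8 shift are assumptions chosen for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample (not data from the report): one synthetic C&C check-in per
# hour during 02:00-09:59 UTC, Monday to Saturday, over two weeks starting on
# Monday 2013-04-01, plus two stray events that a human-activity profile should
# not mistake for a working shift.
def build_sample_events():
    start = datetime(2013, 4, 1, tzinfo=timezone.utc)
    events = []
    for day in range(14):
        d = start + timedelta(days=day)
        if d.weekday() == 6:          # Sunday: operators off
            continue
        for hour in range(2, 10):
            events.append(d.replace(hour=hour, minute=17))
    events.append(datetime(2013, 4, 7, 23, 5, tzinfo=timezone.utc))    # Sunday night
    events.append(datetime(2013, 4, 10, 15, 40, tzinfo=timezone.utc))  # Wednesday afternoon
    return events

def histograms(events):
    """Count events per UTC hour (0-23) and per weekday (0 = Monday)."""
    return Counter(e.hour for e in events), Counter(e.weekday() for e in events)

def active_buckets(counts, min_ratio=0.25):
    """Buckets with at least min_ratio of the busiest bucket's count. The
    threshold (an assumption) drops isolated stray events without hiding a
    genuine shift; tune it against the real data."""
    peak = max(counts.values())
    return sorted(b for b, c in counts.items() if c >= min_ratio * peak)

def contiguous_window(active_hours):
    """Return (first_hour, end_hour_exclusive) when the active hours form one
    unbroken run, else None (split shifts or several crews need a closer look)."""
    if not active_hours:
        return None
    first, last = active_hours[0], active_hours[-1]
    if active_hours == list(range(first, last + 1)):
        return first, last + 1
    return None

def shift_window(window, utc_offset_hours):
    """Express a UTC window in a hypothetical operator time zone."""
    start, end = window
    return (start + utc_offset_hours) % 24, (end + utc_offset_hours) % 24

def working_hours_profile(events):
    hours, days = histograms(events)
    return {"utc_window": contiguous_window(active_buckets(hours)),
            "weekdays": active_buckets(days)}

if __name__ == "__main__":
    profile = working_hours_profile(build_sample_events())
    names = "Mon Tue Wed Thu Fri Sat Sun".split()
    print("active UTC window:", profile["utc_window"])
    print("active weekdays:", [names[d] for d in profile["weekdays"]])
    print("same window if the operators sit at UTC+8:",
          shift_window(profile["utc_window"], 8))
```

A contiguous 2:00-10:00 UTC window six days a week is consistent with an office-hours crew; the time-zone shift is only a hypothesis generator, since the report itself stresses how little attribution can be proven.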
There’s no doubt that those developing APTs are incredibly knowledgeable, but they aren’t infallible. For example, Flame is certainly cutting-edge malware, but its creators left enough clues in the source code that researchers were able to link Flame to the developers of Stuxnet and Duqu. In another example of APTs gone wrong, the Stuxnet worm was supposed to work only within Iran’s Natanz refining facility, yet somehow it escaped the Natanz network and began spreading: Stuxnet has been found to have infected more than 40,000 unique external IP addresses from over 155 countries. And the Winnti group didn’t intend to infect users of the online game servers the group had attacked, yet some of the tools used turned up on users’ machines. This error helped trigger an investigation that led to the discovery of the real campaign.

The sophistication and capabilities of some APTs are truly intimidating, and concerns have been raised about the threat of APTs to critical infrastructures that support our economies, such as power and water systems. It’s unlikely these systems are suddenly going to fail because of an APT because terrorist groups lack the required technical expertise to make this happen. It isn’t just a case of switching off a system via a cyber attack; the attack has to actually reprogram the system, and that’s extremely difficult. Countries such as China may well have the ability to severely disrupt our key infrastructure services, but there’s no commercial or political benefit in destabilizing the world economy they are part of. Sabotage and espionage are quite different.

APT-as-a-Service

Hackers are adopting an increasingly commercial approach to the business of cybercrime. Like regular software, crimeware is continually adding new features to attract users. For example, a new SpyEye variant can activate the victim’s webcam and capture the video stream. Zeus, a popular banking Trojan horse, became harder to take down with its Gameover version, and the Citadel version even introduced a customer ticketing system for better service. Botnets have evolved from single-purpose to multipurpose weapons, built with a modular design that allows the same collection of compromised machines to execute different tasks without having to repeat the infection process.

A lot of time and money are being invested in creating better malware and infection methods, but the focus is still on quick results and returns. Hacktivists want to make a statement now; criminals want to make a profit now. While it’s unlikely that malware-as-a-service will spread to APTs, what is troubling is that the techniques being created for use in APTs are filtering out into the wild. Those involved in their development are selling exploits, source code and stolen digital certificates, which is resulting in APT knowledge and resources turning up in malware kits. This means that what was once high-level, rarified knowledge is trickling down to the masses. Extrapolating even further, this means that APTs are now a clear and present danger for an increasing number of organizations.

How to Fight Back

Rarely will a single event alert network security controls to an APT. Therefore, no silver-bullet technologies will single-handedly stop and catch APT-type attacks. What is needed is a multilayered approach to identify patterns of events that are characteristic of APT behavior and methodologies. Any suspicious behavior can then be investigated, and remedial action taken, to stop an attack from spreading. While perimeter defenses remain essential, they can no longer operate in isolation. The information they produce in the form of logs and alerts needs to be pooled and aggregated with logs from desktops and servers to provide better insight into activity within an organization. This threat intelligence can be enhanced by incorporating external feeds to effectively combat threats at all layers and identify behaviors not seen before, such as zero-day attacks.

One weakness that all information-stealing malware has is that it has to send the data out of the network. Network administrators should be looking at any suspicious egress traffic as a possible APT red flag. Also, to maintain persistence, APTs will often make modifications to the file system and registry, so integrity checks to monitor such changes are essential.

Many security vendors are upgrading their intelligence-driven security products to incorporate big data to aid in the discovery of malicious activity hidden deep in the masses of an organization’s data. It’s hoped that this approach can deliver before-the-fact alerts, but it’s not yet proven. Human surveillance and investigation will still be necessary to spot certain clues. For example, Kaspersky researchers found the gaming servers infected by Winnti activities because infected home computers were connected by the fact that their owners were all fans of the same online games.

Most APT attacks focus on the acquisition of sensitive data, so controls that protect the data itself — wherever it resides — are extremely important components of defense. The vast majority of all data compromised involves servers, so those systems holding sensitive data need to be secured in well-protected and dedicated network segments. Data must be encrypted while at rest and during transit across the network with strong authentication controlling who can access it and from where. It should go without saying that operating system and application software must be patched.
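The two concrete checks recommended above, watching egress traffic and monitoring autostart changes to the file system and registry, can be turned into detection logic. The Python below is an added example and not code from the report: the flow records and the autostart entries are constructed, and the volume multiplier and "rare destination" threshold are assumptions to tune against a real baseline.

```python
import hashlib
from collections import defaultdict
from statistics import median

# Constructed outbound flow records (not from the report):
# timestamp  source host  destination IP  destination port  bytes sent
FLOW_LOG = """\
2013-05-01T09:02:11Z ws-017 203.0.113.10 443 18240
2013-05-01T09:05:40Z ws-042 203.0.113.10 443 22100
2013-05-01T09:07:02Z ws-103 203.0.113.10 443 16500
2013-05-01T10:12:55Z ws-042 203.0.113.25 80 4100
2013-05-01T10:13:20Z ws-017 203.0.113.25 80 3900
2013-05-01T11:45:09Z ws-103 203.0.113.25 80 5200
2013-05-01T14:30:47Z ws-042 203.0.113.10 443 19800
2013-05-02T03:14:08Z ws-017 198.51.100.7 443 47185920
2013-05-02T03:20:51Z ws-017 198.51.100.7 443 31457280
"""

def parse_flows(text):
    records = []
    for line in text.strip().splitlines():
        ts, host, dst, port, sent = line.split()
        records.append({"ts": ts, "host": host, "dst": dst,
                        "port": int(port), "bytes": int(sent)})
    return records

def egress_anomalies(records, volume_factor=20, max_talkers=1):
    """Flag host/destination pairs that move far more data than the typical
    pair AND talk to a destination almost nobody else on the network uses.
    Port 443 alone proves nothing (the report notes APT traffic hides inside
    protocols the firewall allows), so volume and rarity carry the signal.
    volume_factor and max_talkers are assumed tuning values."""
    volume = defaultdict(int)
    talkers = defaultdict(set)
    for r in records:
        volume[(r["host"], r["dst"])] += r["bytes"]
        talkers[r["dst"]].add(r["host"])
    typical = median(volume.values())
    flagged = []
    for (host, dst), total in sorted(volume.items()):
        if len(talkers[dst]) <= max_talkers and total > volume_factor * typical:
            flagged.append({"host": host, "dst": dst, "bytes": total,
                            "talkers": len(talkers[dst])})
    return flagged

# Constructed autostart entries: a Startup-folder shortcut and a Run-key value,
# keyed by location, with the content each entry points at as bytes. A real
# collector would read the folder and registry; this stands in for that.
STARTUP_DIR = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
BASELINE_AUTOSTART = {
    STARTUP_DIR + r"\OneNote.lnk": b"target=C:\\Program Files\\Microsoft Office\\ONENOTEM.EXE",
    RUN_KEY + r"\SkyDrive": b"C:\\Users\\alice\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe",
}
CURRENT_AUTOSTART = dict(BASELINE_AUTOSTART)
# The kind of entry BaneChant-style persistence leaves: a startup shortcut to a
# look-alike "updater" living in a user-writable temp directory.
CURRENT_AUTOSTART[STARTUP_DIR + r"\GoogleUpdate.lnk"] = (
    b"target=C:\\Users\\alice\\AppData\\Local\\Temp\\GoogleUpdate.exe")

def snapshot(entries):
    """Hash every autostart entry so a later comparison catches both new
    entries and existing ones silently retargeted at a different binary."""
    return {loc: hashlib.sha256(data).hexdigest() for loc, data in entries.items()}

def integrity_diff(baseline, current):
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    return {"added": added, "removed": removed, "changed": changed}

if __name__ == "__main__":
    for a in egress_anomalies(parse_flows(FLOW_LOG)):
        print(f"egress: {a['host']} sent {a['bytes'] // 2**20} MiB to {a['dst']}, "
              f"a destination used by {a['talkers']} host(s)")
    diff = integrity_diff(snapshot(BASELINE_AUTOSTART), snapshot(CURRENT_AUTOSTART))
    for loc in diff["added"]:
        print("new autostart entry:", loc)
```

Both findings are leads for investigation rather than verdicts: a large upload to a lone destination may be a legitimate backup, and a new startup shortcut may be a real installer, which is why the report calls for correlating such events rather than acting on any single one.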
The Red October malware infected hundreds of computer networks in diplomatic, governmental and scientific research organizations around the world using booby-trapped Microsoft Word and Excel documents that exploited vulnerabilities Microsoft had already patched. Red October is one of the most advanced espionage tools ever discovered, with more than 1,000 modules, but victims have made things easy for attackers by leaving their systems unpatched.

Finally, awareness training about APTs is essential. Nearly every known attack has required some human interaction to enable the attacker to gain a foothold within the network. Increasing user knowledge and improving users’ security behavior is critical to stemming the tide of successful intrusions. The use of mobile devices also needs to be brought in line with acceptable-use policies applied to laptops — securing any network requires documented policies and procedures as a foundation.

Our understanding of APTs is increasing all the time. Threat intelligence from the global security community — that is, what others have already discovered or uncovered — can be leveraged to improve detection of malicious activity within other networks. Industries need to share information on attempted cyber attacks not just with government intelligence services but with their peers. APTs are certainly no myth, and the reality is that our defenses are still playing catch-up. This reinforces the maxim that security is a process, not a one-off event or product.

Related Reports

InformationWeek creates more than 150 reports like this each year, and they’re all free to registered users. We’ll help you sort through vendor claims, justify IT projects and implement new systems by providing analysis and advice from IT professionals. Right now on our site you’ll find:

Heading Off Advanced Social Engineering Attacks: Social engineering attacks are getting increasingly sophisticated, but there’s only so much the law and technology can do to protect your organization. In this Dark Reading report, we detail how a social engineering attack is developed and what IT professionals can do to prevent their users from being targets and victims.

How Cybercriminals Choose Their Targets and Tactics: They are out to get you, make no mistake. But there are things you can do to make sure that your organization is unappealing to a cybercriminal bent on finding easy pickings. The key is to understand what cybercriminals are looking for and how they go about the business of infiltrating vulnerable systems and networks.

How Did They Get In? A Guide to Tracking Down the Source of APTs: If you think your organization hasn’t been affected by an advanced persistent threat, you probably haven’t looked hard enough. Identifying that your organization is under attack is hard enough; determining the scope of infiltration and damage presents a whole new level of challenge. To effectively protect against APTs, security pros will need to employ an arsenal of tools in coordinated fashion, as well as develop new understanding of and approaches to system and data exploits.

PLUS: Find signature reports, such as the InformationWeek Salary Survey, InformationWeek 500 and the annual State of Security report; full issues; and much more at reports.informationweek.com.