APT & Targeted Attacks
The Evolution of Targeted Attacks in a Web 3.0 World
Cloud computing, mobile, Advanced Persistent Threats. All are buzz words of the moment in IT and information security circles and yet all are frequently misunderstood and dealt with in silos. It’s become something of a truism to say that the cyber security landscape is constantly morphing. Well, as APTs adapt for the Web 3.0 age, a holistic approach to managing cloud, mobile, cyber and physical security becomes even more fundamental to the success of your information security plans.
Web 3.0 is the next stage of the internet: an internet for the machines, where everything with an electric current running through it has an IP address and communicates with other machines like it, without the need for human intervention. The machines will reach a point approaching artificial intelligence, learning your likes, dislikes and needs, your locations and associations, and organizing and presenting information to you from the web. The user no longer needs to demonstrate intent: he or she will not have to click on a link or open an attachment to receive information. This is big data, driven by the cloud, with the mobile device as your personally tailored endpoint which gathers, stores, accesses and transfers this information.
Such data can of course be extremely valuable to the avaricious cybercriminal. But what we’re starting to see in the financial services sector and at a government level are cyber crooks using proximity attacks so that not only do they get access to the victim’s prized cloud data, but they can also hack the physical attributes of the phone for gain.
These attacks could originate via a network-based intrusion, or be aimed directly at the device via a spear phishing or spear texting attack, an unsecured Wi-Fi connection or malware disguised as a legitimate app. They used to be the preserve of the movies. Not anymore. Now, malware can be used to effectively hack your reality. The cybercriminal is able to completely take over your device, view your calendar schedule and turn on the camera or mic to spy on an important meeting, for example. Meanwhile, thanks to the cloud and Web 3.0 data, your location can be tracked with ease at all times. The automation of these proximity attacks heralds a brave new world.
It’s not difficult to see how dangerous such threats are to commercial or government organisations – not only do the hackers have access to a gold mine of sensitive information being pushed out to the endpoint, but by eavesdropping through the device they could gather additional saleable competitive intelligence or perhaps even leverage the info for insider trading.
These kinds of attacks raise important questions about how your security teams are working right now and how closely aligned your mobile and cloud security strategies are. Physical and cyber security teams have historically always competed for budget but internal strife needs to be placed aside to tackle the threat of proximity attacks. At last, there is an area where both can collaborate effectively – cyber criminality which poses a physical threat to the security of the organisation.
It should also be a wake-up call to CISOs that their efforts to secure the cloud should never be thought of independently of mobile security. The device is not merely the endpoint for big data and the cloud; it’s an intrinsic part of the ecosystem which needs to be included in a holistic approach.
As for the mobile devices which represent the greatest risk to organisations, it’s not Android smartphones but the wide variety of tablets which executives are demanding they be able to use at work. Typically, these devices are bought by the execs themselves, who make matters worse by requesting that IT allow them to receive and view sensitive documents. This makes it very difficult to manage and secure these devices while adequately mitigating the risk of proximity attacks.
So what can CISOs do? Well, they can’t say no to their senior execs but they could limit the functionality of the devices in specific locations to reduce risk. For example, access could be granted in the boardroom but only if SMS texting, microphone and camera features are switched off. It’s about limiting the functionality and making the device context-aware according to location.
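The boardroom rule above, turned into a small location-aware policy check as an added example (not code from the article): a zone maps to the features that must be switched off there, a constructed device posture report is evaluated against it, and anything unknown or unreported fails closed. The zone names, the report format and the function names are assumptions made for this illustration.

```python
"""Context-aware device access: grant only if the zone's forbidden features are off."""
from dataclasses import dataclass, field

# Hypothetical zone policy: zone name -> features that must be disabled there.
# The boardroom entry mirrors the article's example (SMS, mic and camera off).
ZONE_POLICY = {
    "boardroom": {"sms", "microphone", "camera"},
    "open_office": {"camera"},
    "lobby": set(),
}


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def evaluate_access(zone: str, posture: dict) -> Decision:
    """Decide whether a device located in `zone` may receive sensitive documents.

    `posture` is a device report of feature -> enabled (True/False), as a
    management agent might supply it (format assumed here).
    Unknown zones are denied, and a feature missing from the report counts
    as a failure: the check fails closed rather than trusting silence.
    """
    if zone not in ZONE_POLICY:
        return Decision(False, [f"unknown zone '{zone}'"])
    reasons = []
    for feature in sorted(ZONE_POLICY[zone]):
        state = posture.get(feature)
        if state is None:
            reasons.append(f"{feature}: not reported")
        elif state:
            reasons.append(f"{feature}: must be off in {zone}")
    return Decision(allowed=not reasons, reasons=reasons)


if __name__ == "__main__":
    # Constructed posture: an executive's tablet enters the boardroom with the mic still on.
    tablet = {"sms": False, "microphone": True, "camera": False}
    print(evaluate_access("boardroom", tablet))
```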
Another pillar of good information security is a viable cloud strategy which incorporates the endpoint – mobile – and to achieve this, CISOs need to think about continuous monitoring. APTs are designed to evade detection and use the most insidious means to do so. Installing advanced logging, deep packet inspection and file integrity monitoring tools will give security teams greater situational awareness of what’s going on in their environment, enabling them to spot when something isn’t quite right.
Finally, in a Web 3.0 world, organisations must take a more holistic approach to security across the board, from cloud to endpoint, and tie physical and cyber security together. Technology moves at a blistering rate of change and the bad guys are always first to adapt. We need to make sure we do all we can to make it as difficult as possible for them to get what they want.