Research Paper on "Information Security Advanced Persistent Threat"

Research Paper 9 pages (2653 words) Sources: 5

Information Security/Advanced Persistent Threat

Advanced persistent threat, commonly referred to as APT, is a group, such as a foreign government, that has both the capability and the intent to persistently and effectively target a particular entity. The term usually refers to cyber threats, and more specifically to internet-enabled espionage. However, it applies equally to other threats such as traditional espionage and other attacks. Recognized attack vectors include compromise of the supply chain, infected media, and social engineering. Individuals, such as a lone hacker, are not commonly referred to as an APT, because they only rarely have the resources to be both advanced and persistent, even when their intention is to gain access to a particular target or to attack it (Surhone, Tennoe, & Henssonow, 2010).

The global landscape of advanced persistent threats from all sources is at certain times referred to in the singular form as 'the' APT. The term is also used to refer to the actor behind a specific incident or series of incidents (Surhone et al., 2010).

Stuxnet is a computer worm that has been described as 'state terrorism' by one Middle East consultant. The Iranian government might therefore consider the creators of the Stuxnet worm to be an advanced persistent threat. This is also because they can be a threat to national security if the worm manages to hit many compromised computers at once (Surhone et al., 2010).

Within the community of computer security professionals, and increasingly within the media, the term advanced persistent threat refers to a long-term pattern of sophisticated hacking attacks aimed solely at governments, large companies and political activists. By extension, the term can also refer to the groups behind such attacks. A common misconception about advanced persistent threats is that they are targeted only at Western governments. This is not true, since an APT can be targeted at any government, company or political entity. The misconception arises because examples of technological advanced persistent threats against Western governments are more widely publicized in the West than APTs against other governments (Knapp, 2011).

APTs have been used in many countries around the world as a means of gathering information on individuals or groups of people who are of interest to the attackers. The U.S. Cyber Command is a task force that coordinates the response of the U.S. military to this kind of cyber threat. Numerous sources have alleged that some APT groups are affiliates or agents of nation-states (Knapp, 2011).

What makes an advanced persistent threat?

A threat must have three attributes in order to be defined as an APT. The first is that it has to be advanced. This means that the operators behind the threat must have a full spectrum of intelligence-gathering techniques at their disposal. These techniques may include technologies and procedures for intruding into computers, and also extend to conventional intelligence-gathering techniques such as interception of telephone conversations and satellite imaging. Although the individual components of the attack may not be classed as advanced, their operators can use these components to develop more advanced tools as they are required. Components that may not be advanced include malware generated from simple, commonly available do-it-yourself malware construction kits, and simple, readily available exploitation materials. Operators of APTs may also combine several methods, such as targeting multiple targets, with other techniques and tools in order to reach and compromise their target and to maintain access to it. The operators may also demonstrate a deliberate focus on operational security, and this is what differentiates an APT from less advanced threats (Takai, Furlani, & Adolpho Tarasiuk, 2006).

The second component is that the APT must be persistent. The operators of the APT must give priority to a specific task rather than just waiting for the right opportunity to seek information from the compromised computer for financial or other gain. This implies that the operators of the attack are guided by external entities. This kind of targeting is conducted by continuously monitoring and interacting with the target in order to achieve predefined goals and objectives. This does not mean that the attack must be constant or that the malware needs to be consistently updated. Rather, it means that a slower approach is used, which is usually more successful. If the operators lose the access they previously had to their target, they usually attempt to regain it, and more often than not they succeed. One of the goals of the operators is to maintain long-term access to the target, giving them enough time to collect as much information as they require. This is in contrast to other kinds of threats, which are carried out only to execute a specific one-off task, after which the attackers give up access themselves (Takai et al., 2006).

The third component of an APT is that it must be a threat. That is, it must have both the capability and the intention of causing harm. Any APT attack must be executed through coordinated human action rather than by mindless, automated pieces of code. The operators of the APT must have a specific goal or objective which they are trying by all means to achieve. They must also be highly skilled, organized, motivated and well-funded in order to be able to achieve this goal or objective (Takai et al., 2006).

Research on APTs

Research that was conducted by McAfee found four factors that were critical to the advanced persistent threats. These factors are actors, motives, targets and goals or objectives.

Actors

There are several actors who may be associated with advanced persistent threats. They may include terrorists, organized crime groups, unscrupulous competitors, malicious insiders, ex-employees, and activists. The most common actors in APTs are nation-states. A nation-state is a state or country which has defined borders and territories. When looking at APTs, it is important to look for the group which generally has access to the greatest resources since, as described above in the components of an APT, the attack itself requires more resources than less advanced attacks. These high-resource groups include military and intelligence organizations. When the aggressor involved in the attack is a nation-state, the APT concept often merges with the common definitions which surround information warfare (McAfee, 2010).

The FBI says that more than 100 countries currently have capabilities for information warfare. However, when this information warfare is conducted by nation-states, non-state entities can participate, and indeed have participated, thus creating a force multiplier. This is usually simply because the internet and the computing resources in the organization allow patriots and other sympathizers to take advantage of the capability to remain anonymous and to leverage inexpensive technology which has a global range. They can also take advantage of attack vehicles such as scripts and bots. These attack vehicles were initially designed by nation-states to aid in conducting espionage, spreading propaganda and launching denial-of-service (DoS) attacks (McAfee, 2010).

Motives

There are many motives which drive actors to cyber-attacks. Most of these motives are usually rooted in the poor economic status in the world. Research showed that the primary motive for actors conducting advanced persistent threat attacks is money. It stands at about 69%. The list below shows the statistics on the motivations of the actors (McAfee, 2010):

Disgruntlement or revenge: 27%

Ideology: 22%

Desire to please: 17%

Excitement: 12%

Coerced: 5%

Importance: 4%

Looking at these motivating factors, it can be seen that the chief driving factor is the desire for money. Whether this desire is fueled by need or by greed, it remains by far the strongest motivator of the actors.

Targets

In most cases the actors target large companies, governments and government organizations, academic institutions, defense contractors, the media and other critical infrastructure. Attacks on such organizations usually require a significant investment, and the investors usually make that investment in the hope of getting a reward from the actors, such as economic or political gain. The amount of research and development that is undertaken for the vehicle of attack depends greatly on the target and the anticipated security measures in use by the target (McAfee, 2010).

Goals

The operational goals or objectives of the actors in…

Quoted Instructions for "Information Security Advanced Persistent Threat" Assignment:

The Advanced Persistent Threat (APT) is a sophisticated and organized cyber attack to access and steal information from compromised computers. I would like to discuss the effect on the National Security of our country. The paper will follow a conventional report format introduction, body, conclusion, references.

How to Reference "Information Security Advanced Persistent Threat" Research Paper in a Bibliography

“Information Security Advanced Persistent Threat.” A1-TermPaper.com, 2012, https://www.a1-termpaper.com/topics/essay/persistent-threat-information-security-advanced/219401. Accessed 5 Oct 2024.

