Thales Blog

Advanced Persistent Threat (APT): The Dragon Awakes

February 27, 2013

The last year has seen a dramatic increase in the reports of attacks attributed to Advanced Persistent Threats, or APTs. Earlier this month, though, the danger was made startlingly clear by the Mandiant APT1 report. According to the report, “APT1 is a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006. From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen.” In researching the operations of this group, Mandiant traced its origins to China.

This should come as no surprise to those following the advance of APT. One of the most disturbing aspects of the APT is the “persistent” nature of the threat. These organizations aren’t looking for the quick hit. The perpetrators of APT are content to get in, and then take their time, moving laterally through an organization until they hit the honey pot. And this technique works. Mandiant found that, using a well-defined attack methodology, APT1 has “stolen hundreds of terabytes of data from at least 141 organizations.” With the rise of such sophisticated attack methodologies, it’s foolish to think that perimeter security can keep the bad guys out, or that disk encryption provides sufficient protection. Clearly, that’s not the case.

What’s more, no industry appears to be immune, including the assets of the federal government.  The goal of APT1 is far greater than just compromising payment data or other personally identifiable information.  Mandiant reports that, not coincidentally, the victims of APT1 closely align with the industries that China has identified as being critical to their economic growth.  Specifically, targets include four of seven industries explicitly acknowledged in China’s most recent five-year plan.

This report demonstrates that at least one government has identified the theft of intellectual property as a strategy for economic growth. With the recent Executive Order from the White House on Cybersecurity, attention is escalating across government interests as well. This development, though not a complete surprise, certainly makes it much more difficult to secure intellectual property and customer data. Strong encryption strategies, interoperable key management and vaulting, and advanced security intelligence can be critical components to combating the growing APT risk. To learn more about how Vormetric Data Security can help your company protect what matters, visit us at RSA this week (booth 445).

Wayne Lewandowski is Vormetric’s area vice president, federal. Follow him on Twitter @Wayne42675.