Ransomware captures the headlines, but the real threat to organizations is still the APT
It’s nearly the end of 2017, and time for end-of-year reports and conclusions. When it comes to cybersecurity, there’s no doubt that 2017 was the year of ransomware, with attacks increasing 250% and hitting the U.S. the hardest.
Ransomware is considered to be the fastest growing security threat, perceived as a moderate or extreme threat by 80% of cybersecurity professionals. But is it really the most prominent threat to organizations? It’s sort of like asking, “Is it worse to stand outside in the rain and get wet like everyone else, or have someone walk into your living room and spray you directly with a fire hose?” In both cases, you get wet, but the fire hose has the potential to cause serious damage, and no umbrella will protect you against it.
Advanced persistent threat (APT) campaigns are all around us, but they seem to resonate less with the public and media than the large-scale ransomware attacks that occurred earlier this year. Here are a few examples that you may not read about in the news:
- The Cyber Security Agency of Singapore (CSA) recently revealed that an unnamed public organisation in that country was hit by an APT malware infection late last year.
- Symantec has found that a cyber espionage group dubbed Dragonfly re-emerged in late 2015 and began to launch cyber attacks on the energy sector in some European and North American countries.
- FireEye uncovered a new APT campaign by Iranian hackers targeting several companies in the US, Middle East, and Asia. They were spying on companies connected to the petrochemical industry, military, and commercial aviation.
FireEye CEO Kevin Mandia stated, “The majority of intrusions we respond to can be attributed to nation-state actors, by nations that condone cyber attacks, or folks in uniform paid by sovereign nations to do intrusions.” And very recently, three major APT-style hacks (meaning they were carried out in a stealthy fashion, over a long period of time, by capable threat actors) impacted Equifax, the U.S. Securities and Exchange Commission (SEC), and Big Four auditing firm Deloitte, demonstrating the potential damage an APT attack can cause.
Moreover, we are witnessing a blurring border between nation-state hackers and cybercriminals, who are now assisting one another and even collaborating on outsourced jobs. The direct result of this type of collaboration is cybercriminals adopting the APT mentality: long-term campaigns with significant funding and very clear objectives, which in the end can cause much more harm to organizations than a mere ransomware attack.
Although it is tempting to see ransomware as the nexus of cyber threats, it’s really the APT you should be fearing. Unlike ransomware, it does not announce its arrival but does require layered defense, trained personnel and advanced, AI-based tools to identify and mitigate. It is a slow and stealthy threat with the potential to result in a massive data breach, regulatory fines and public outrage. So even though your management keeps asking whether the organization is secure against ransomware, it is really the APT that should be on their minds; it’s the threat that will send them home, just like it did with Equifax CEO Richard Smith.