by Heather Noggle
UniteNews Contributing Writer
Springfield, MO—Advanced persistent threats (APTs) are often other countries’ governments and organized cybercrime. If the thought of cybersecurity leaves you scared, these groups are why.
“Significant resources” and “sophisticated levels of expertise”: that is how NIST (the National Institute of Standards and Technology) describes APT groups.
What do they want? They want data, information, knowledge, wisdom, and money that do not belong to them.
How do they operate?
Shhh…very quietly. They set an objective, get into the network, and then they dwell. Dwell, as in live there, squatting. Learning. Grabbing data and information to gain knowledge.
And we do it, too – our government. You may have heard of Stuxnet, which dismantled Iran’s nuclear program well over a decade ago by sabotaging and destroying the centrifuges they were using to transform uranium into a more usable state.
Some cybersecurity firms amass threat intelligence. They try to see the “signature” in the work of cybercriminals and attribute breaches to certain groups because of the tactics, techniques, and procedures used in the discovered breaches. One such organization is Mandiant, which is now a part of Google.
Not every group gets a memorable name; many are simply numbered. You can research APT33, APT35, APT37, and so on. The name does help when threat intelligence analysts are referring to knowledge about how a group operates: the kind of malware it uses, its target types, and where we think it is working from. Many originate in China, North Korea, or Russia. Some also go by other names; APT18, for instance, is also known as Wekby.
APT37 is a good group to research if you’re interested in this sort of thing. The first site Google recommends for APT37 is run by MITRE, and it’s a very comprehensive site showing attacks attributed to the group and more information about each. It also lists the different types of malware used during the attacks along with the techniques.
So, now you know where to go to research things like APT37, Fox Kitten, Moses Staff, and SilverTerrier. MITRE.
How do we defend against APT groups?
As individuals, we’re unlikely to be targets of these groups. But the organizations we work for – that’s a different story. Think about data as value. Organizations must implement what’s called defense in depth: multiple types of cyber defense layered together. Part of that includes training employees to do many of the things I talk about – back up data, keep good passwords, use a password manager, use multifactor authentication, know what systems you have and patch them, and use good antimalware software.
Most of the other parts of a defense-in-depth approach are technical in nature. Please thank your company’s IT security department for the work they do on behalf of your company or non-profit. It’s a lot, and it changes frequently, requiring constant skill upgrades.
In closing, 2023 has been a year of many vulnerabilities in key core software we all use. Mobile security is just as important as computer security. It’s been wise to update iPhones and iPads purposefully even if you’ve got these devices set to auto update.
Be intentional, and advanced, in learning more about APTs. And in doing your part.