The danger of Advanced Persistent Threats (APTs) was prominently highlighted in Seqrite’s Annual Threat Report 2020. An APT is a specialized cyberattack tactic with the capability to avoid detection for long periods while monitoring and stealing extremely critical information. These are extremely powerful and are generally deployed by nation-states to wage cyber warfare against enemy nations. APTs are generally used to target high-value assets of national importance, such as military networks, power grids and nuclear plants.
Seqrite investigated two APT attacks on the Indian government in the report. The second such case concerned an alleged APT attack on the Kudankulam Nuclear Plant in 2019. While officials mentioned that no damage arose as a result of this attack, the incident raised concerns about whether India was prepared to deal with similar attacks on national infrastructure.
Understanding the Kudankulam APT attack
In its investigation, Seqrite theorized that the penetration could have happened through a spear-phishing attack. According to this theory, a system with access to the Internet may have been compromised with credentials being stolen. Afterwards, the attack spread to other computers and the domain controller of the network. A persistent backdoor was also installed for remote administration with information collecting being the main payload of this attack.
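The spread described above (one stolen account reaching several hosts and then the domain controller) leaves a recognisable trace in authentication logs. The following detection sketch is an added example, not Seqrite's code or anything from the report; the log format, hostnames and the one-hour threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of network logon events (not real telemetry). The field
# layout "user= src= dst= result=" is an assumption made for this example.
SAMPLE_EVENTS = [
    "2019-09-03T09:12:00 user=ops-user src=WS-INET-01 dst=WS-INET-01 result=success",
    "2019-09-03T09:40:00 user=ops-user src=WS-INET-01 dst=FILESRV-02 result=success",
    "2019-09-03T09:41:00 user=ops-user src=WS-INET-01 dst=FILESRV-03 result=success",
    "2019-09-03T09:45:00 user=ops-user src=WS-INET-01 dst=DC-01 result=success",
    "2019-09-03T10:00:00 user=jdoe src=WS-ENG-07 dst=FILESRV-02 result=success",
    "2019-09-03T10:05:00 user=jdoe src=WS-ENG-07 dst=FILESRV-02 result=failure",
]
DOMAIN_CONTROLLERS = {"DC-01"}  # assumed hostnames of the domain controllers

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) dst=(\S+) result=(\S+)$")

def parse_events(lines):
    """Parse log lines into (time, user, src, dst); keep successful remote logons only."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole run
        ts, user, src, dst, result = m.groups()
        if result == "success" and src != dst:  # a local logon is not spread
            events.append((datetime.fromisoformat(ts), user, src, dst))
    return events

def find_spread(events, window=timedelta(hours=1), min_hosts=3):
    """Flag (user, source host) pairs that reach >= min_hosts distinct hosts inside `window`.
    A hit that includes a domain controller is marked, as that is the escalation point."""
    by_pair = defaultdict(list)
    for ts, user, src, dst in events:
        by_pair[(user, src)].append((ts, dst))
    hits = []
    for (user, src), seq in by_pair.items():
        seq.sort()
        start = 0
        for end in range(len(seq)):
            while seq[end][0] - seq[start][0] > window:  # slide the window forward
                start += 1
            hosts = {dst for _, dst in seq[start:end + 1]}
            if len(hosts) >= min_hosts:
                hits.append({"user": user, "src": src, "hosts": sorted(hosts),
                             "touched_dc": bool(hosts & DOMAIN_CONTROLLERS)})
                break  # one alert per account/source pair is enough
    return hits
```

Tune `window` and `min_hosts` to the environment; administrative jump hosts will need an allow-list or the rule produces noise.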
This kind of APT attack could become even more common in 2020, targeting ‘critical infrastructure’, which is defined by the US Department of Homeland Security as “physical and cyber systems and assets that are so vital that their incapacity or destruction would have a debilitating impact on physical or economic security or public health or safety”.
APT attacks are not new — the most famous among them was the Stuxnet attack which caused substantial damage to Iran’s nuclear program and was believed to have been created by American & Israeli cyber experts. A cyberattack on a power grid in Ukraine in December 2015 left more than 200,000 people without electricity for several hours while a blast furnace at a German mill suffered massive damage following an attack on the plant’s network.
To prevent APT attacks, enterprises need to focus on the fundamentals while devising their cybersecurity strategies:
The timescale of an APT attack is generally long. Enterprises must therefore employ a range of measures in their cybersecurity approach, using a combination of different tactics relevant to their domains.
APT attacks have been employed in the past by nation-states and even by criminal groups for espionage purposes. Enemy nations may look to collect information about their targets. Data is therefore a key asset, and one which enterprises must protect at all costs.
Living up to their name, APT attacks are persistent — they can lie low for extended periods without detection, silently spreading to other systems. However, if a robust access control plan is deployed in which systems have access only to the information they require, it is possible to prevent APTs from collecting confidential information.
Seqrite continues to be at the forefront of fighting threats such as APTs with its range of powerful enterprise security solutions, enabling the protection for endpoints, cloud security and mobility management.