FIRST, the site of the attack is reconnoitered... A stone is thrown against the window... Did anyone notice? Then the arm comes through the window, the alarm is deactivated... Just a few more movements... then a leap to get past the laser – the ideal moment for a big coup! A scene from Mission Impossible? Wrong. This mission is possible and you are right in the middle of it: in a complex, targeted attack known as an advanced persistent threat (APT).
The stone is malware, which the attackers install on your computer from thousands of kilometers away. Didn’t you open an interesting e-mail about a new online forum on vintage cars yesterday? It was actually customized malware which has now infected your computer. The attackers are not teenagers testing their boundaries, but cyber criminals with extensive resources. They gradually steal business secrets and log encrypted e-mails and chats. They record keyboard inputs and ‘interesting’ applications. They collect information on passwords, software and systems and expand their attack all the time – without your IT department even noticing.
The number of attacks like this has risen by 400 percent around the world since 2011. And the attackers do not only have global corporations in their sights:
“Potential victims include authorities, large concerns, and small and medium-sized companies in every sector, thanks to their technological advantage, expertise and confidential customer data,” explains Frank Melber, expert in information security at TÜV Rheinland.
Prominent victims include American daily newspapers, the Internet messaging service Twitter, and high-tech companies such as Thyssen and EADS. The problem is that conventional virus scanners and firewalls are powerless to stop it, as they can only recognize malware which is already known. However, in contrast to viruses, APTs are not mass-produced, but instead are always distinct and tailored to specific organizations, and the attacks run over a longer period of time. They often exploit the person as a security loophole.
“Companies need to recognize that this is a new threat scenario, which the IT department can no longer negotiate with conventional means and methods,” says Frank Melber. The challenge is so complex that there is currently only one system in the world which is able to discover this kind of attack in real time, allowing defense against it.
Fire-Eye, a California based specialist in defense against complex cyber-attacks and one of the world’s fastest growing technology companies, has developed a platform which recognizes and protects against attacks from the web and via e-mail, as well as file-based offensives. “We have automated something that takes malware researchers a lot of work to do in a laboratory,” explains Alexander Bünning, Regional Director at FireEye. The local e-mail and web traffic is investigated for anomalies in real time and the content initially compared with data traffic which is known to be good. “The second step is to execute the suspicious data traffic in real time inside virtual machines, where it can be inspected for attacks and manipulation. This allows us to identify malware quickly.”
But software alone is not enough to contain the damage. TÜV Rheinland’s experts in information security offer holistic threat management which combines FireEye technology with qualified service on the ground, including identifying the attack and damage, as well as defining and implementing effective countermeasures. Global players put their faith in this solution. “No-one can prevent the attacks yet, but this is a way to limit possible damage from cyber-spying to a minimum,” emphasizes Frank Melber. One of the most important steps is to stop the malware from communicating with the attacker as quickly as possible. “That is why our experts are at the premises of the company affected within one working day,” explains Frank Melber.
According to him, the damage caused by this type of targeted attack can be immense, and no-one is safe: “No organization should assume that it is not large or interesting enough to be the target of an attack. This myth has been outdated for a long time.”
For more information on our Consulting and Information Security solutions, please visit our website or contact us to speak to one of our experts.
