FBI has no clue about the hacker's origin

Apr 8, 2016 23:55 GMT  ·  By

In a rare case, the FBI has acknowledged that foreign attackers, possibly state-sponsored groups, have been successfully hacking into the IT networks of many US agencies and private businesses since as far back as 2011.

The alert doesn't give any clues regarding the hackers' origin or motives, but the FBI has confirmed the activity of a "group of malicious cyber actors who have compromised and stolen sensitive information."

Attacks may be the work of the APT6 group

Based on a list of Web domains used by the group to host their malware and/or C&C (command and control) servers, industry experts say that this may be the work of a cyber-espionage group known only under the code name APT6.

APT, or Advanced Persistent Threat, is a term used in the infosec industry to describe threat actors with a narrow set of goals who focus their attacks only on specific targets. Most APT groups are state-sponsored and launch attacks in line with their country's interests on various topics.

"A variety of methods are used in successful APT attacks - including the use of externally available, public information tools and resources on social media, traditional media and other resources where the organization may be advertising for IT staff - thereby disclosing the hardware and software skills being sought after," John Peterson, vice president of Enterprise Products at cybersecurity company Comodo, tells Softpedia.

APTs have the most patience out of all cyber-threats

"The organization’s business partners, suppliers and customers will also typically be thoroughly researched and noted. An APT is not a one-shot attempt."

"APTs do not look for a home run at the outset. The main objective is to gain access into low priority areas the company fails to protect adequately – typically a user’s endpoint," Mr. Peterson added.

"By being patient, the hackers can gradually work their way into higher value segments of the network where important data resides."

Advice from the experts

Mr. Peterson also offers the following advice for any company that wants to harden its security against APT and state-level threats:

○   Deploy and maintain antivirus, firewalls, whitelisting and modern sandboxing and containerization technologies; keep software up-to-date through patching

○   Have an advanced endpoint protection, secure web gateway and breach and threat detection system in place that produces an integrated and layered approach to security

○   Conduct penetration testing regularly; have intrusion detection and intrusion prevention systems installed over and above standard firewalls. Regularly audit firewall and SIEM logs for anomalies

○   Train and educate users and employees on security protocols, have BYOD and VPN policies in place; have acceptable use policies backed by C-level execs – visibly enforce these policies and ensure user training is concurrent with the latest threats

○   Ensure the principle of least privilege throughout – for example, ensuring domain administrators should not use domain administrator credentials for basic break-fix solutions; and custom software should not run as a system - it should have its own system-level account with its own system privileges.
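The article says the FBI alert carries a list of Web domains the group used for malware hosting and C&C, and the advice above closes with regularly auditing firewall and SIEM logs for anomalies. The obvious way to combine the two is to sweep outbound proxy or DNS logs for contact with those domains. The Python below is an added example, not code from the article, the FBI or Comodo: the indicator domains are placeholders (the alert's real list is not reproduced on this page), and the log format, field order and sample log lines are all constructed for the example.

```python
import re

# Placeholder indicator domains standing in for the alert's list (constructed, not real indicators).
IOC_DOMAINS = {
    "c2-placeholder.example",
    "malware-host.example",
}

# Constructed proxy log lines in an assumed space-separated format:
# <timestamp> <source_ip> <method> <host> <status>
SAMPLE_PROXY_LOG = """\
2016-04-07T09:12:01Z 10.0.5.23 GET portal.corp.example 200
2016-04-07T09:12:44Z 10.0.5.23 GET update.c2-placeholder.example 200
2016-04-07T09:13:02Z 10.0.7.11 POST malware-host.example 200
2016-04-07T09:13:30Z 10.0.7.11 GET notmalware-host.example 200
2016-04-07T09:14:10Z 10.0.5.23 GET C2-Placeholder.EXAMPLE. 404
this line is garbage the collector should skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<host>\S+) (?P<status>\d{3})$"
)


def normalize_host(host):
    """Lower-case the host, drop a trailing dot and any :port suffix so matching is exact."""
    host = host.strip().lower().rstrip(".")
    if ":" in host:
        host = host.split(":", 1)[0]
    return host


def matching_ioc(host, iocs=IOC_DOMAINS):
    """Return the indicator that `host` equals or is a subdomain of, else None.

    Matching is on label boundaries: 'update.c2-placeholder.example' matches
    'c2-placeholder.example', but 'notmalware-host.example' does not match
    'malware-host.example' (a plain substring test would wrongly flag it).
    """
    labels = normalize_host(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_proxy_log(text, iocs=IOC_DOMAINS):
    """Parse each log line and return (timestamp, source_ip, host, matched_ioc) hits."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the whole audit
        ioc = matching_ioc(m["host"], iocs)
        if ioc:
            hits.append((m["ts"], m["src"], normalize_host(m["host"]), ioc))
    return hits


def hosts_by_source(hits):
    """Group hits by internal source IP so the analyst sees which endpoints to triage first."""
    grouped = {}
    for _ts, src, host, _ioc in hits:
        grouped.setdefault(src, set()).add(host)
    return grouped


if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_PROXY_LOG)
    for hit in found:
        print("IOC match:", *hit)
    for src, hosts in hosts_by_source(found).items():
        print(f"{src} contacted {len(hosts)} indicator host(s): {sorted(hosts)}")
```

The scan normalizes case, trailing dots and ports before comparing, and matches on DNS label boundaries rather than substrings; both choices matter when the same list is run against real proxy, DNS or firewall exports, where a substring match produces noise and a case-sensitive one misses hits. Grouping by source address turns a list of log lines into the thing the advice actually asks for: the endpoints that need to be pulled for triage.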