To start with, APT is different from the public's traditional understanding of what "hacking" is. Instead of lone actors attacking network resources for the sake of vandalism or common information theft, APT is organized, efficient, persistent, and targeted. APT is backed by organizations, and quite often, by nation states, with the information that is being targeted often identified in advance of the attack. Once the desired information and targets have been identified, extensive research and planning is put into the attack, and are often even rehearsed in advance of the actual attack. Once the attackers breach the target's defenses, a foothold is gained, and strengthened, by the installation of highly customized malicious software intended to steal important data.
Unlike traditional malware, APT is designed to operate quietly, and because this malicious software is created to attack a specific target, it nearly always goes unrecognized by existing signature based network defenses, such as anti-virus software, or Intrusion Prevention Systems (IPS). Because threat vectors are also combined, such as spear-phishing emails and drive-by malware downloads, detection of APT malware has become even more difficult for existing network perimeter defenses. And once the initial foothold is gained by attackers, it becomes even easier to attack resources from the inside, leading the attackers to the data identified as the target of the APT attack, stealing it, and returning it to the attackers. Consider these staggering statistics:
- Over 95% of companies are compromised with malware that has not been seen by anti-virus or IPS signatures*
- 200+ unique families of custom malware used in cyber-espionage campaigns †
- 1,100+ domain names have been registered by advanced threat actors †
To overcome these significant challenges, Dell SecureWorks offers a wide range of services to counter APT. In collaboration with technology partner FireEye, Dell SecureWorks has recently introduced a new managed security service to detect and block the advanced malware delivered via email and web content. The Managed Advanced Malware Protection service can proactively identify the malicious software used by APT attacks to gain a foothold, and block APT attacks before they gain the necessary foothold on the network required to install more malicious software, and steal your data. Visit the Managed FireEye services page as well as Advanced Persistent Threat pages for more information on solutions from Dell SecureWorks. * Intel's threat data reports † APT elements tracked by SecureWorks Counter Threat Unit up to July 2012