Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Companies Scared, Unprepared for Onslaught of APTs

Report Indicates Many Organizations Not Adequately Prepared for Persistent APT Onslaught

Report Indicates Many Organizations Not Adequately Prepared for Persistent APT Onslaught

This summer, Dmitri Alperovitch, VP of Threat Research at McAfee, revealed the discoveries of a series of targeted intrusions into 70+ global organizations that took place over the last 5 years. Along with revealing the attacks dubbed “Operation Shady RAT”, Alperovitch commented, “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised.”

APT AttacksSome criticized the specifics of Shady RAT and Alperovitch’s comments, dismissing them as marketing FUD (Fear, Uncertainty and Doubt) — but it appears many folks serving information security functions could be agreement with Alperovitch, at least in terms of the wide array of companies that could have experienced a breach.

Today, a report (paid) coming from The Enterprise Strategy Group revealed that a majority of mid-to-large U.S.-based corporations believe they have been the targets of sophisticated cyber attacks looking to steal sensitive data.

The report, which included responses 244 security professionals working at U.S. based organizations with more than more than 1,000 employees, revealed that 59 percent of respondents are “certain” or “fairly certain” that their organization has been the target of a previous APT attack. Additionally, 72 percent of organizations think they are a “highly likely” or “somewhat likely” target of future APT attacks.

Scared, Unprepared for APTs

Alarmingly, nearly one-third of the large organizations surveyed believe that they are vulnerable to future APTs, indicating that many organizations are ill prepared to protect against future attacks.

Additionally, 46% of large organizations that ESG categorized as “most prepared for APTs” (based upon their existing security policies, procedures, and technical safeguards) say they are vulnerable to future sophisticated attacks.

According to the report, 93% of security professionals working at enterprise organizations are either “extremely concerned” or “concerned” about APTs and the impact that APT attacks could have on vital U.S. interests such as national security and the economy.

“Security professionals who understand the threat landscape best readily admit that their organizations are not only under attack but also vulnerable,” said Jon Oltsik, senior principal analyst at ESG and the primary author of the report. “Even more frightening, the companies that have already taken proper steps to secure their assets still believe they are vulnerable to APTs. If those organizations with strong cybersecurity policies are vulnerable to APT attacks, it’s safe to conclude that nearly all organizations are vulnerable.”

Just yesterday, Symantec uncovered a coordinated cyber-campaign designed to steal information from various companies across the world that hit many chemical and defense firms. Some of the attacks infected computers with the well-known PoisonIvy Trojan via email attachment sent to specific recipients in organizations that appeared to be meeting invitations from business partners.

“Virtually everyone is falling prey to these intrusions, regardless of whether they are the United Nations, a multinational Fortune 100 company, a small non-profit think-tank, a national Olympic team, or even an unfortunate computer security firm,” Alperovitch added during his revealing of Shady RAT. “I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know,” Alperovitch concluded.

Overall, the data presented in the ESG research report and other industry reports indicate that many organizations may not be adequately prepared for a persistent APT onslaught. ESG reminds us of the importance of security professionals to educate executive managers about APT risks, assess their existing security defenses, and bolster security analysis and forensic skills.

“Security professionals have the most knowledge about and experience with APTs. This group believes that APTs are real, unique, and extremely dangerous. It is imperative that business executives, IT managers, law enforcement officials, and legislators recognize the risks, accept this warning, understand what’s at stake, and begin to address cybersecurity weaknesses as soon as possible. The longer we delay, the more damage we will likely incur,” Oltsik concluded.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.