Today’s Cyber-War is a Cold War, Some Say

APTs Latest in Cyber-Arms Race

From Flame to Gauss to Madi – the list of advanced persistent threats (APTs) that have appeared on the public’s metaphorical radar screen so far this year seems to be growing. Whether or not this is part of an ongoing cyber-arms race between countries or their proxies, experts say that the threat landscape should influence how large organizations think of risk.

“Today’s APT attacks in most cases look like conventional attacks,” said Anup Ghosh, CEO of Invincea. “They start with conventional vectors such as spearphishing and utilize tactics such as luring people into clicking on links. Their exploits resemble conventional banking malware. It is what they do once they have a presence on the network that distinguishes an APT from a cyber criminal or conventional attack. APTs colonize the network and exfiltrate valuable IP.”

“Organizations need to understand the ‘cyber war’ today is largely a cold war — one of espionage and theft of intellectual property,” he said. “If your organization develops intellectual property that would be valuable to other countries to copy, you are a target and probably have already been compromised.”

In its threat report for the first half of 2012, F-Secure summarized the pieces of the Flame malware, which according to some researchers claimed the title of the most complex malware ever. Earlier this year, The Washington Post cited anonymous sources stating that the malware was linked to a joint effort by the United States and Israel, though American and Israeli officials declined to comment. While arms races in the physical world have centered on countries letting their rivals know about their capabilities for the sake of deterrence, the world has not yet reached this stage when it comes to cyber-attacks, wrote Mikko Hypponen, chief research officer at F-Secure.

“Most likely, yes (we are in an arms race),” he told SecurityWeek. “But it’s happening behind closed doors in classified programs, so we don’t know much about it – so far. Only [the] USA has confessed doing this. But we must assume most technically advanced nations are stockpiling cyber arms.”

In this environment, having knowledge of an attacker’s motives and what they are after becomes vital, Hypponen said.

“You need to understand your enemy and their motives. There’s no point in trying to secure your system against the wrong attacker,” he said. “Know your enemy.”

There is evidence too that cyber-criminals and the minds behind the types of advanced persistent threats that have made headlines this year are using similar tactics, said Tom Kellermann, vice president of cybersecurity at Trend Micro.

“APTs have been privatized and their cyber kill chains automated so that these types of targeted attacks are now mainstream for organized crime syndicates,” he said, adding that the complexity of code “is reaching a singularity in automation.”

Ideally, the presence of more complex threats shouldn’t change much about how organizations plan their strategy, said Kevin Haley, director of Symantec Security Response. After all, he explained, organizations should already be educating employees on cyber security risks and how to avoid them, and should also have technology in place to mitigate malware outbreaks.

“The reality, however, is a different story,” he said. “Many organizations are still struggling to get a grip on these simple security best practices. Thus, more than anything else hopefully the threat of targeted attacks and APTs serves as an alarm bell causing more companies to prepare their infrastructures to withstand attacks of all sorts.”

“The concept of layered security is not new, but as the threat landscape gets more complex the layers must increase,” he added. “Stopping exfiltration is an important new layer. Incident response is not a new idea, but it’s a lot more important now and something companies who have largely ignored up until this point should not anymore.”
