APTs, hacktivists have organizations in their crosshairs

APTs and hacktivists will continue to plague organizations in 2012, warns Mary Landesman, market intelligence manager at Cisco
Landesman told Infosecurity that both APTs and hacktivists reflect a trend of more targeted attacks, in contrast to the large-scale attacks that were launched earlier. They differ, however, in their methods and motivations.

APTs are stealthy attacks aimed at stealing intellectual property. Hacktivist attacks, on the other hand, are noisy, public attacks aimed at embarrassing an organization, she noted.

“We are seeing a more cohesive system around intellectual-property focused attacks. The Nitro attacks in the fall of 2001 are a good example of that”, Landesman said.

The Nitro attacks were spear phishing attacks targeting chemical and defense firms. The phishing emails contained the Poison Ivy trojan, which is designed to steal intellectual property, such as formulas and design processes.

“It was pretty clear looking at the pattern of their targeting that they were honing their skills and getting better at identifying valuable targets and isolating them. That particular attack vector is more insidious… It is the attack du jour that we will be seeing for the foreseeable future”, she said.

As previously mentioned, the primary goal of the hacktivists is to embarrass organizations, she noted. Still, organizations that suffer hacktivist attacks do incur financial loss. “Even if nothing else is stolen than customer names and emails, still there is a very real cost that the targeted company has to absorb”, Landesman said.

The damage from both APTs and hacktivism is “quite serious – one is surreptitious and the other is loud, noisy”, she added.

Cisco released this week its fourth quarter 2011 Global Threat Report, which found that enterprise users experienced an average of 339 web malware encounters per month in the fourth quarter. This was up slightly from the 362 web malware encounters per month that occurred on average throughout 2011. The highest rate of encounters occurred during September and October 2011 at 698 and 697 on average per enterprise, respectively.

The Cisco report found that an average of 20,141 unique web malware hosts were encountered per month in 2011, compared to a monthly average of 14,217 in 2010.

During the quarter, 33% of web malware encountered was zero-day malware not detectable by traditional signature-based methodologies at the time of encounter.

The rate of SQL injection signature events remained fairly steady throughout the fourth quarter, denial-of-service events increased slightly during the quarter, and global spam volumes continued to decline throughout 2011, the report found.
