17 percent of European APTs now targeting UK entities

Research just published claims to show that the UK and Germany are the most targeted areas of Europe when it comes to APTs (Advanced Persistent Threats).

APT attacks - rising in number

The FireEye H1-2014 EMEA Advanced Threat Report claims that malware attacks - especially advanced targeted attacks - have nearly doubled in the first half of 2014. The number of unique infections, says the analysis, has grown steadily in the EMEA area.

Interestingly, FireEye says that the UK is the most targeted country with 17 percent of attacks, followed by Germany with 12 percent, with government, financial services, telecommunications and energy sectors being the most targeted verticals. These categories, notes the report, accounted for more than 50 percent of total APT detections in the first half of 2014.

According to Richard Turner, the security vendor's VP of EMEA, advanced attacks are the new reality for business and government.

"By preparing an effective defensive strategy, organisations can avoid the risk of sitting on the sidelines as their data and intellectual property find their way to competitors, adversaries or hacktivists," he said.

Skewed results

Fran Howarth, a senior security analyst with Bloor Research, said the report's finding - that attacks are on the rise - is at odds with similar reports from independent sources.

"It's interesting that this report only analyses investigations of FireEye's clients, so the results may be a little skewed," she told SCMagazineUK.com, adding that the term 'APTs' is now becoming outmoded, as 'targeted attacks' is now a much better definition.

"APTs tend to suggest state-sponsored attacks, but the reality is that you can never prove - beyond doubt - that an APT is the result of a state attack. This is why I think the term 'targeted attack' is a much better definition these days," she explained.

Fellow analyst Rob Bamforth, a principal analyst with Quocirca, said that the FireEye analysis is interesting in reporting the high level of attacks against UK organisations when compared to the rest of Europe.

"As is often the case, the hidden questions that result from this report are most interesting - the whys, by whom and for what purpose, of the attacks are the questions that this report raises," he said, adding that the attacks on vertical market players - notably government and financial services - may be down to sabotage and hacktivism, as well as the primary driver of monetary theft.

Key takeout

The key takeout from the report, says the Quocirca analyst, is that the percentage of backdoors being used by cybercriminals, rather than trojans, may indicate the fact that, from a criminal perspective, quietly taking control and grabbing information is now more important than noisily inflicting damage.

According to Phil Robins, sales director with Encode UK, the real issue is not whether you can prevent an APT attack - as this is outside your control and, in our experience, you will be compromised.

This means, he says, that the issues are how you can get an early warning of an attack and how you contain the attack itself.

"We recommend starting by base-lining your current defences by simulating an APT attack. Armed with this knowledge you can build an appropriate cyber defence solution, incorporating a SIEM/Big Data analytics capability," he said.

Tony Kenyon, technical director of EMEA & LATAM regions with A10 Networks, meanwhile, said that, given the location of key financial centres in EMEA, it's not hard to see, for example, why the UK and Germany come top in most targeted countries for APTs. In many cases key verticals are being attacked rather than specific countries, he noted.

"Add to that government and telecoms and we see an interesting mix of motives and threat actors, from data theft, disruption, political hacktivist and state associated actors; even granular workflow vectors around activities such as M&A. Whilst these statistics represent an invaluable snapshot it's always difficult to be completely representative; especially for verticals which traditionally under-report for sensitivity reasons," he said.

"It's important here to dispel the common misconception about threat actors of the 'lone hacker' sitting at home with an uplink. Organised crime is serious business, with teams of individuals assigned specific roles within a sophisticated workflow. With bandwidth speeds increasing, botnet and malware toolkits easily accessible, potential targets need to urgently consider shoring up their perimeter. This is not about point solutions, you need a holistic ecosystem of advanced DDoS and threat prevention solutions to scale and mitigate these problems dynamically," he added.