The trickle-down effects of advanced persistent threats


The increase in sophistication and abilities of computer hackers and malware programmers worldwide is, unfortunately, rather common news.

Hospitals, governments and banks have all come under attack from anonymous hackers using powerful technology. They steal any data or sensitive information that they can sell or hold to ransom, and as the hacker's tools become more advanced, so too has the threat of malware.

The targets are also, increasingly, no longer multinationals and governments, but everyday business owners and managers. 

As our most recent threat report showed, more than half of data-stealing attacks occur via the internet. Many professionals believe they are already taking the necessary action to protect themselves, and cyber security is still the most pressing concern for organisations of any size.

Businesses are reporting significant losses resulting from attacks, even at the low end of the profit spectrum. This is partly down to the rise in APTs (advanced persistent threats). APTs are the result of well-funded, technically advanced, focused criminal groups and, over time, the technology involved in major headline incidents trickles down to become available in a number of low-cost kits.

This has always been the case; however, the difference today is that the malware lifecycle has sped up dramatically. The 'time to market' gap between £1,000-plus innovative malware and a £15 ready-to-run kit is now months, rather than years. Combine this with poor patching remaining prevalent in businesses of all sizes, and you have a lethal cocktail.

This means that any would-be hacker can cause thousands of pounds worth of damage with very little outlay or technical know-how. Using the same advanced tactics as big-time hackers, lower-level cyber criminals focus on stealing data or private information. Their methods are increasingly diverse and technically advanced, and this is one of the reasons APTs can be so damaging to small and medium-sized businesses.

Four days after the Aurora hack on Google last January, the code used was available worldwide. Within 18 months, there had been 5,800 attacks using it. As time goes on, far from the code losing its potency, more people get hold of it.

The risk widens to businesses that may not even consider themselves a target. Even the biggest players on the web are not immune; how many organisations are completely on top of the patch-management game? Some might delay patches or batch them together to deploy at a single time, but the longer the delay, the longer the malware remains effective and the longer the lifecycle of that exploit.

That's why these exploits still get included in kits: even though patches exist, the exploits still work on enough unpatched machines to make it worth the kit authors' while.

The point here is that modern malware can easily circumvent many existing security systems. Signature-based security measures such as anti-virus and firewalls are no match for advanced malware kits, so you cannot rely on these technologies or on patch management alone to protect your organisation. Just because an organisation is not a government or multinational business, that doesn't mean it won't have appealing data for cyber criminals.

You need to examine the content of both inbound and outbound traffic to minimise risk, because if you combine these exploits with some well-crafted social engineering, organisations will continue to be easy prey. It's time to examine, in real time, the substance of each website visited, and each email, to effectively battle this malware lifecycle.

Spencer Parker is group product manager at Websense
