In recent times the advanced persistent threat (APT) has become more prominent in information security jargon, partly due to the RSA incident. SC Magazine asked recently whether this should be taken seriously as a threat or if it is just another strong malware attack.
A combination of malware, spear phishing and vulnerability is advanced, but is it really as much as a threat as Stuxnet? Another question that came to me recently was regarding advanced evasion techniques (AET).
On meeting with Ash Patel, country manager UK and Ireland at Stonesoft, recently, I wanted to know what the difference is between APTs and AETs.
Patel explained that an APT is ‘an individual or group intending to attack a network by any means necessary and will continue to do so until successful', while AET is a delivery mechanism.
Patel said: “What do you do to stop Scada from being attacked, you can take it offline and put the intrusion prevention system (IPS) in the next-generation firewall, but will that stop Stuxnet? AET is a wrap around the malware so now you cannot see it; it is a payload delivery system for targeted malware so are you protected against all APTs? No!
“What we found out with APT, IPS and next-generation firewall is that they are not capable of protecting as they cannot see them and the payload. If you speak with your IPS vendor ask them if they can protect your technology to protect you from an AET.
“A lot of vendor protection is inaccurate, how can you protect everyone against APT if you do not know what you are using?”
Six months on from the initial announcement on AET, Patel said that there had been complex AETs being used and he had spoken with customers who were concerned. “I am finding organisations who would never willingly say that they have been attacked, but they have no idea how it happened. If you have to give a reason, speak to the people who do the research and they will say that the AET is very real, credible and a threat.
“We realise that the AET is not too much of a concern for the small business but it is a major one for governments and FTSE 100 companies, people with a lot to lose. It is very complex, we are not talking about a new virus or malicious code, it is a new way to deliver it and that is where the market needs to understand.”
So in the first six months, the AET has proved to be a credible threat and not just another method of sending malware. As for what the difference between an AET and APT, perhaps it is the case that many people are prepared to take the former far more seriously.