What are ADVANCED PERSISTENT THREATS?
From Wikipedia, the free encyclopedia: An advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes, often orchestrated by a person or persons targeting a specific entity. An APT usually targets either private organizations, states or both for business or political motives. APT processes require a high degree of covertness over a long period of time. The “advanced” process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The “persistent” process suggests that an external command and control system is continuously monitoring and extracting data from a specific target. The “threat” process indicates human involvement in orchestrating the attack.
State-sponsored attackers and established cybercriminals usually reserve their efforts for the biggest, most high-profile targets. But in 2017, they began going after smaller targets as well. Advanced persistent threat (APT) actors are far more difficult to detect and defend against than other types of attacker: they have significant resources, proven capabilities and sophisticated tools, which lets them target the human factor more effectively. They warrant close scrutiny.
Most APT actors focus on espionage and disruption. While APT tools and resources are generally more sophisticated than those of crimeware actors, both still work to exploit the human factor. As shown in Figure 16, APT activity observed across our customer base is far more likely to target the government and defence industries, but no industry was exempt.
THE END-GAME: CRYPTOCURRENCY
Cryptocurrency has become a prime target for threat actors looking to monetise their efforts directly. Following the phishing, malware and network activity related to cryptocurrencies gives us significant insight into the latest trends among cybercriminals.
Attackers continue to prove their adaptability. They shift lures and payloads to follow trends, interests and, most importantly, money. With its volatile but still-meteoric rise in value and popularity, cryptocurrency quickly became a target of phishing, malware and Web-based attacks in 2017. Some cryptocurrency-related attacks went so far as to manipulate search results to lure victims: in one case, a group bought ads on Google and other search engines to direct potential victims to fake cryptocurrency wallet sites designed to steal wallet credentials.
Cryptocurrency phishing campaigns continued over email. Security researchers identified sophisticated phishing templates targeting wallets and exchanges. These included campaigns that tried to trick users into opening a malicious document attachment; the document exploited a vulnerability in Microsoft Office to install the GOOTKIT banking Trojan on affected PCs.
At the same time, suspicious domain registrations using “bitcoin” and other cryptocurrency terms increased. Threat actors were building a repository of domains that could be used in a variety of email and Web-based attacks. Security researchers found over 100,000 Bitcoin-related domains (those that contain the word “bitcoin” or variations of that word) as of January 12, 2018. Variations of the word “bitcoin” include typosquats (single-character misspellings) and Punycode lookalikes. Punycode is the ASCII encoding that the Internationalized Domain Names (IDNA) standard uses to represent non-ASCII labels; an encoded label begins with “xn--”. Attackers abuse it by registering labels built from characters in other scripts that look like Latin letters (a homograph attack), so that a browser rendering the Unicode form shows a lookalike URL. For example, the Punycode domain “xn--9naa4azkq66k5ba2d.com” renders in Unicode as a lookalike of “bitcoin.com”. Note that most mainstream browsers now fall back to displaying the raw “xn--” form for labels that mix scripts, so the lookalikes most likely to survive in the address bar are those composed entirely of characters from a single non-Latin script.
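The check a practitioner would run over a feed of new registrations is shown below as an added example; it is not code from the original report or from any vendor tool. It decodes Punycode labels with Python's built-in idna codec, reduces each label to an ASCII “skeleton” (diacritics stripped, known confusable characters mapped to the Latin letters they imitate), flags labels that mix scripts, and uses edit distance to catch typosquats of the monitored brand term. The confusables table is a small constructed subset of the Unicode confusables data, and the sample feed is constructed for the demonstration; the brand term “bitcoin” is the one the text discusses.

```python
import unicodedata

BRAND = "bitcoin"  # the brand term being monitored in new registrations

# Constructed subset of Unicode confusables: letters from other scripts (or
# unusual Latin forms) that render like the basic Latin letters attackers want.
# Production tooling should load the full Unicode confusables.txt table instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0456": "i", "\u0455": "s", "\u0445": "x",  # Cyrillic с і ѕ х
    "\u0443": "y", "\u03bf": "o", "\u0131": "i", "\u026a": "i",  # Cyrillic у, Greek ο, Latin ı ɪ
}


def to_unicode(domain: str) -> str:
    """Decode any xn-- (Punycode) labels to the Unicode form a browser may display.
    Input that already contains non-ASCII characters is returned unchanged."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def skeleton(label: str) -> str:
    """Reduce a label to the ASCII string it visually resembles:
    decompose, drop combining marks (accents), then map known confusables."""
    chars = []
    for ch in unicodedata.normalize("NFKD", label):
        if unicodedata.combining(ch):
            continue
        chars.append(CONFUSABLES.get(ch, ch))
    return "".join(chars).lower()


def scripts(label: str) -> set:
    """Rough per-letter script tags ('LATIN', 'CYRILLIC', ...) taken from
    the first word of each character's Unicode name; digits and '-' are ignored."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str) -> str:
    """Verdict for one registered domain, judged on its registrable (second-level) label."""
    labels = to_unicode(domain.lower()).split(".")
    label = labels[-2] if len(labels) > 1 else labels[0]
    skel = skeleton(label)
    if label == BRAND:
        return "exact"
    if skel == BRAND:
        return "homograph"      # renders like the brand but is not it
    if len(scripts(label)) > 1:
        return "mixed-script"   # Latin mixed with another script is rarely legitimate
    if BRAND in skel:
        return "keyword"        # e.g. my-bitcoin-wallet.com
    if levenshtein(skel, BRAND) <= 1:
        return "typosquat"      # one edit away: bitcoiin, bitc0in, bltcoin
    return "unrelated"


def flag_registrations(domains):
    """Return (domain, verdict) pairs for every entry worth an analyst's attention."""
    flagged = []
    for d in domains:
        verdict = classify(d)
        if verdict not in ("exact", "unrelated"):
            flagged.append((d, verdict))
    return flagged


# Constructed sample feed, shaped like a registrar zone diff. The Punycode entry
# is produced by Python's idna codec from "bitcoіn.com" (Cyrillic і, U+0456).
HOMOGRAPH_PUNYCODE = "bitco\u0456n.com".encode("idna").decode("ascii")
SAMPLE_FEED = [
    "bitcoin.com",
    HOMOGRAPH_PUNYCODE,
    "bitco\u00edn.com",          # Latin í: its accent is dropped by NFKD
    "bitcoiin.com",
    "bitc0in.net",
    "my-bitcoin-wallet.com",
    "bitco\u0456n-wallet.com",   # Cyrillic і inside an otherwise Latin label
    "example.org",
]

if __name__ == "__main__":
    for domain, verdict in flag_registrations(SAMPLE_FEED):
        print(f"{verdict:13} {domain:28} -> {to_unicode(domain)}")
```

The skeleton comparison is what catches the Punycode case: after decoding, a label such as “bitcoіn” with a Cyrillic і maps to exactly “bitcoin”, which a plain substring search for the ASCII word would miss. The mixed-script check is a cheaper, table-free fallback for confusables not in the map, and the edit-distance threshold of one keeps the typosquat class tight; raise it only if you are prepared to triage many more false positives.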