How APTs can affect individuals and how to stay safe
Amin Hasbini

Amin Hasbini, Head of Research Center, Middle East, Turkey and Africa (META), Kaspersky

Advanced persistent threats (APTs) are cyberattacks that allow perpetrators to gain unauthorised access to a system and maintain that access, undetected, for a period of time. APTs are often instigated by an organisation with links to a nation state or state-backed entity. These organisations tend to be well resourced and typically have very specific goals, such as espionage, compromising critical infrastructure and stealing intellectual property.

It is believed that state actors have recently been targeting the systems of organisations involved in COVID-19 research. The United Kingdom’s National Cyber Security Centre (NCSC) concluded in July that APT29 has targeted various organisations working on COVID-19 vaccine development in Canada, the United States and the United Kingdom.

If advanced persistent threats (APTs) are targeting mainly state and industrial entities, should ordinary users sitting in their homes or offices be concerned? Individuals, though they may not be specifically targeted, can become victims of APTs.

A person may, for example, visit a site that has been targeted in an APT attack. Using what is known as the ‘watering hole’ approach, the site is loaded up with malware and the attackers wait for it to end up on visitors’ computers.

A politics-related web site may be targeted by an APT that aims to find out more about specific people visiting the site. What ends up happening is that every single visitor to this site ends up with spyware on their devices, regardless of whether they were a target of the perpetrator. In other words, you are not the specific target of an attack, but by visiting a certain web site or downloading a certain app, your devices become infected.

Another problem with APTs, from the individual’s perspective, is that the technology they use leaks into the cybercrime equivalent of the public domain. Tools developed by well-resourced organisations with a specific geo-political or commercial goal can thus end up in the hands of petty cybercriminals.

The WannaCry wiper, which struck in 2017, employed EternalBlue, a tool linked to the Equation APT group. WannaCry impacted organisations across Europe, including Britain’s National Health Service, forcing staff there to revert to pen and paper when thousands of Windows PCs were rendered unusable.

Individuals should also be aware that information harvested from successful APT operations can end up on the internet as part of a mass dumping of information. This can happen when the perpetrators of APT operations deliberately target each other.

As the name implies, perpetrators of advanced persistent threats aim to continue their operations for prolonged periods of time. They therefore tend to be discreet in their approach, siphoning off information little by little, rather than in one bold, spectacular move.

Signs that organised cybercriminals might be at work include a high level of targeted spear-phishing mails to employees and a high number of log-in attempts at irregular hours. Perpetrators of APTs are looking for information, so large batches of data moving around or out of the network should be cause for suspicion. Similarly, large clumps of compressed data in odd locations could be a sign that data has been harvested and is about to be moved.
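As an added illustration (not code from this article or from Kaspersky), the following Python script checks constructed sample events against three of the indicators listed above: log-ins outside working hours, large outbound transfers per host, and archive files staged in unusual directories. The log format, thresholds and directory list are assumptions chosen for the example.

```python
import re
from datetime import datetime

# Constructed sample events (not real logs): log-ins, outbound transfers, file creations.
SAMPLE_EVENTS = """\
2020-08-03T02:14:09 login user=jsmith src=10.0.5.17 result=success
2020-08-03T09:30:41 login user=akhan src=10.0.5.22 result=success
2020-08-03T03:02:55 login user=jsmith src=10.0.5.17 result=success
2020-08-03T03:40:12 xfer src=10.0.5.17 dst=203.0.113.9 bytes=734003200
2020-08-03T10:12:00 xfer src=10.0.5.22 dst=198.51.100.4 bytes=2048000
2020-08-03T03:35:10 file host=10.0.5.17 path=C:/Windows/Temp/~tmp1.7z size=730000000
2020-08-03T11:00:00 file host=10.0.5.22 path=C:/Users/akhan/Documents/report.docx size=40000
"""

BUSINESS_HOURS = range(7, 20)           # assumed: 07:00-19:59 local time is normal
OUTBOUND_BYTES_THRESHOLD = 500_000_000  # assumed: bytes per source host per day
ARCHIVE_RE = re.compile(r"\.(7z|zip|rar|tar|gz)$", re.I)
ODD_DIRS = ("/temp/", "/tmp/", "/programdata/", "/recycle")  # assumed staging spots


def parse(line):
    """Split '<timestamp> <kind> k=v k=v ...' into its parts."""
    ts, kind, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.fromisoformat(ts), kind, fields


def find_indicators(text):
    """Return (indicator, subject, detail) tuples for the three heuristics."""
    alerts = []
    outbound = {}  # source host -> total bytes sent out
    for line in text.splitlines():
        ts, kind, f = parse(line)
        if kind == "login" and ts.hour not in BUSINESS_HOURS:
            alerts.append(("off_hours_login", f["user"], ts.isoformat()))
        elif kind == "xfer":
            outbound[f["src"]] = outbound.get(f["src"], 0) + int(f["bytes"])
        elif kind == "file":
            p = f["path"].lower()
            if ARCHIVE_RE.search(p) and any(d in p for d in ODD_DIRS):
                alerts.append(("staged_archive", f["host"], f["path"]))
    # Aggregate outbound volume per host so many small transfers are also caught.
    for src, total in outbound.items():
        if total > OUTBOUND_BYTES_THRESHOLD:
            alerts.append(("bulk_outbound", src, str(total)))
    return alerts


if __name__ == "__main__":
    for alert in find_indicators(SAMPLE_EVENTS):
        print(*alert)
```

In real deployments each heuristic needs a per-organisation baseline; the thresholds here only show the shape of the checks.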

Individuals concerned by any of the above should apply the same caution they would when using any digital device. Specific steps they can take include avoiding installation of apps from third-party sources and carefully managing app permissions.

Any app permissions that the user feels are unnecessary should be revoked or disabled when the app is not in use. Individuals should also exercise caution over which websites they use and avoid clicking links in e-mails from unknown senders. Finally, investing in a reliable security solution ensures that everything that is about to be installed, downloaded or clicked on is carefully checked before disaster can strike.