I am not going to describe in detail APTs in this post. Neither will I analyze them. I just wanted to talk about this name that is appearing in the news recently due to the attacks to RSA, Epsilon and Google last year.

We are all familiar with the vulnerabilities of any kind of Internet-connected device. Nowadays one can be a hacker by downloading some tools from the Internet and start attacking sites. There is tons of amateur hackers, because the tools are of easy access. I actually still remember like if it was yesterday when I downloaded a plug-in for mIRC that allowed me to throw flood attacks to whoever I wanted. So, if somebody was being very rude or annoying to me, I would drop their IRC connection throwing that simple attack. I swear I only did that to people that was REALLY annoying or rude…

Anyhow, working at a security research center, I am learning many things about security and threats. There is hundreds of threats and vulnerabilities, and we all tr to defend ourselves using anti-virus and such tools. And it works.

But lately there is a big concern in the community with APTs. These are extremely elaborated hacking attacks that are performed over a very long time span and involve not only hacking tools, malicious code, hidden rootkits and other complicated things, but also social engineering and patience, a lot of patience. And so far does not really know how to stop them – don’t worry, we are working on it! -. The later examples have been the recent attack on RSA, when attackers where able to steal large quantities of secret data. For the ones who do not know what RSA is, they are the ones who provide those funny key holders with a random number that changes constantly that gives important people access to important information – ok, not very accurate, but this is how I like to think about it… -. The Executive Chairman of RSA wrote an open letter explaining that the data extracted does not put current security systems at risk… but it is still kind of scary that it was precisely RSA the hacked company.

It has been in the news lately another case where a company called Epsilon was victim of one of these attacks and lots of data was extracted. Epsilon seems to be a kind of marketing company that deals with other companies mailing lists. Apparently, the only stolen data was a huge list of email addresses. You might have received an email recently from one of the affected companies – customers of Epsilon – informing you about the hack and trying to calm down. But when a friend of mine got an email from Chase explaining that one of its customers that deals with Chase account holders data had been hacked, he freaked out. Other affected companies were BestBuy, Capital One, Citi Bank… You can read about this hack here.

Google was victim of an APT a couple of years ago too. More info here.

So, make sure you have an anti-virus that is updated and do not ever click on links on emails that claim to come from your bank. And read about these topics, is as interesting as scary.

Advertisements