12 Groups Carry Out Most APT Attacks
Security consultants and the feds are tracking a dozen groups--all out of China--responsible for advanced threats.Concerned with the amount of U.S. intellectual property being stolen from corporate networks, a group of security professionals sat down and compared notes on the various groups they tracked. They came up with an approximate tally of attackers targeting the intellectual property of U.S. and multinational companies: An even dozen, and all thought to be Chinese.
High-tech firms, oil companies, and defense contractors have all fallen prey to the 12 teams out to steal trade secrets and sensitive or classified information. While attempting to identify and count the groups behind the attacks may seem like an academic exercise, it's not, says Jon Ramsey, executive director of Dell Secureworks' counter threat unit.
More Security Insights
Webcasts
More >>White Papers
- How Extended Validation SSL Brings Confidence to Online Sales and Transactions
- Reducing the Cost and Complexity of Web Vulnerability Management
Reports
More >>"In the general scheme of things, knowing who your enemy is, is enlightening," he says.
One group, for example, is called the Comment Crew by Dell Secureworks because of its signature tactic of embedding command-and-control information in the comments of Web pages. "Understanding that, if you wanted to deal with the major attack from this one group, you can strip all comments out of the HTML pages as they come into your Web proxy," Ramsey says. "That is a pretty effective technique to deal with this one group."
Moreover, knowing whether an attacker is part of the advanced persistent threat (APT)--the term coined by the defense industry for attackers that don't go away--can determine whether a company calls in help. When a company suspects that a persistent attacker has set up shop inside their network, kicking them back out again is not easy, Richard Bejtlich, chief security officer for security consulting firm Mandiant, said in a recent interview.
Various attributes can be used to classify attackers into groups, including their tools and techniques, the characteristics of their infrastructure, and their targets. Mandiant, for example, keeps dossiers on the 12 groups it tracks, and when called in by a client, compares and gathers network intelligence with what it knows about the usual suspects. The company can analyze an incident under investigation and match it to various groups' modes of operation, including their tools, the passwords, the encryption used, their command-and-control infrastructure, and their targets.
Read our report on how to guard your systems from a SQL attack. Download the report now. (Free registration required.)
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSResource Links
Related Webcasts
- Why Bad Guys Write Malware– And What You Can Do About It
- Securing the Cloud: Extend the Benefits of Traditional IT Environments to Cloud
- Protecting End Users Against Emerging Threats
- Perform Better in a Hybrid Cloud World
- Privilege Creep – How Can You Be Certain Your Environment is Still Locked Down?
This Week's Issue
Free Print Subscription
SubscribeCurrent Healthcare Issue
- InformationWeek Healthcare CIO 25: Our second annual honor roll of the health IT leaders driving healthcare's transformation.
- EHR Unreadiness: Only a small percentage of physicians planning to apply for Meaningful Use funds have e-health record systems capable of achieving most of the requirements. .
- And much more!
- Read the Current Issue
Related Whitepapers
Featured Resource
Download this paper to learn how Dell computers running Microsoft Windows 7 can help you make your operations more secure and meet compliance requirements.
Learn More
