Non-Advanced Persistent Threats

For those of us in the security industry, the term “APT” or advanced persistent threat is a term marketing teams have cooked up to explain the threats that are hard to defend against. APT isn’t really a new threat or type of threat. There are some truly advanced persistent threats such as nation sponsored hacking campaigns or corporate espionage, but most of what is threatening smaller companies is neither advanced nor persistent.

Companies are now classifying the online Hacktivist groups as advanced persistent threats. These new socially motivated attackers are rarely advanced and only about as persistent as a child who wants the latest toy. These attackers are a nuisance for a short period of time until they get their way or move on to something else that sparkles. Groups like “LulzSec” and “Anonymous” don’t use super advanced techniques as some security experts and most victims like to claim. In fact, these groups are more drive-by hackers than anything.  If you’re vulnerable to something simple and you cross their radar than you’ll be the next victim. The methods and attacks they use can be easily and inexpensively foiled.

Frankly there is nothing advanced about SQL injection or DDOS attacks. SQL injection has been around since the early 90’s. It has gained popularity with the rise of modern day web applications that feature databases as their backend. Even this website uses a common CMS platform that could be vulnerable to SQLI. The best defenses for these threats are to separate sensitive data from public data. Sanitizing input on the backend and making sure users use strong non-repeated passwords are also important in combating these attacks.

DDOS attacks are one of the most common front-page news attacks seen this year. They are nothing new and can be hard to defend against if the numbers of attackers are large enough. Most of the attacks seen in 2011 were not indefensible. There are many caching and DNS, as well as IPS ways of dealing with them but if enough traffic comes at your website at one time, it will go down. Most small and medium sized companies could benefit from techniques implemented here at NBG Networks. Larger companies will want to implement in-house systems to deal with these threats. It’s very important to ensure your webservers are patched and up-to-date with the new RefRef attacks being used.

The vast majority of attacks that made front-page news so far in 2011 have been non-advanced hackivist based attacks. Simple defenses and common sense could have eliminated all of these attacks. A vulnerability assessment and security design review would expose these vulnerabilities before the bad guys stumble upon them.

-Nick

Follow Me

Nick Gibson

Nick Gibson is a United States computer security expert and founder of NBG Networks LLC. He has worked in security regulated industries like healthcare and finance for over a decade.
Follow Me

Latest posts by Nick Gibson (see all)

No Comments Yet.

Leave a comment