Advanced persistent threats (APTs), which are carried out by organized cybercriminal groups, may be a growing trend as a new survey finds an increase in advanced threats over the last 12 months.
In a survey of 591 IT and IT security practitioners conducted by the Ponemon Institute and funded by network security monitoring vendor NetWitness Corp., 83% of participants said their organization had been the target of an advanced threat and 71% said those attacks have increased in the past 12 months.
"The predominant majority of these threats are represented by unknown, zero-day attacks, but there are increasingly many instances where known attacks are being re-engineered and repackaged to extend their usefulness," according to the Ponemon report.
The survey defined an APT as "a methodology employed to evade an organization's present technical and process countermeasures which relies on a variety of attack techniques as opposed to one specific type." The report touts a changing threat environment with APTs becoming more pervasive against enterprise networks. Experts, however, point out that APTs have been a mainstay, targeting individuals at corporations to gain the victim's access privileges and steal sensitive files, remaining undetected in corporate systems. For example, experts say the Google Aurora APT attacks, announced by the search engine giant in January, were not new or carried out in any sophisticated manner.
The survey suggests that organizations are slow to detect and investigate APTs, with 41% of those surveyed saying they were unable to determine how frequently they were targeted. Most (80%) said it takes at least a day, while 45% suggested it could take 30 days or more.
"In our discussions with key stakeholders, it is obvious that while threats are evolving quickly, defenses continue to lag," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "This leaves a huge window of opportunity to steal confidential or sensitive information."
The survey also found a rising level of fear that organizations are not prepared to prevent APTs. About half of those surveyed said security-enabling technologies are not adequate, and 64% reported their security personnel were not up to dealing with the threat. The survey supports previous warnings from security experts who say perimeter defenses are inadequate against APTs.
Organizations are using ad hoc procedures to prevent and detect APTs, combining manual procedures and security controls to monitor and detect network anomalies. Seventeen percent of those surveyed said they relied on intrusion defense systems and antivirus to detect APTs. Most acknowledged the technologies are inadequate and are being bypassed by attackers. Only 8% used network intelligence technologies.
Ponemon recommends more education among senior management about the seriousness of the problem, investments in better security technologies and reduction in the reliance on IDS and antivirus. The report also recommends more training for IT security professionals to detect APTs and an increase in security staff skilled in APT methods.