The year is 2010, and the Stuxnet computer worm, which had been in development for at least 5 years by a government agency, is deployed against supervisory control and data acquisition (SCADA) systems to disrupt the Iranian nuclear programme by causing physical damage to a uranium enrichment facility. More than a decade on, the spectre of state-sponsored hackers with the ability to launch sustained precision attacks is more real than ever.
What are Advanced and Persistent Threats (APTs)?
An Advanced and Persistent Threat (APT) refers to an attack campaign by a stealthy malicious actor, or a team of intruders, with the aim of gaining unauthorised access to your network and systems. These attacks infiltrate your systems and establish an illicit, long-term presence, which the attackers then use to exfiltrate sensitive data and information.
The biggest danger with APTs is that discovering one, and implementing appropriate actions to defend your infrastructure against the immediate threat, does not guarantee safety. Indeed, as stated above, these attacks are not ‘hit-and-run’: their objective is not only to infiltrate your systems, but also to establish a long-term presence. The hackers usually leave behind multiple backdoors which allow them to come and go as they choose.
Executing such attacks requires a high degree of sophistication compared to traditional digital attacks. Perpetrators tend to be well-funded – more often than not they are state-sponsored – and their attacks take months of preparation, research and customisation given the characteristics of each individual target. Recently, APTs have targeted numerous critical industries including, but not limited to: Financial Services, Healthcare, Telecommunications, Manufacturing, Aviation and Shipping.
There are numerous motives behind the execution of an APT. Some attacks target the theft of Intellectual Property (e.g. trade secrets or patents) from foreign industries in order to boost the competitiveness of vitally important domestic industries. Other attackers focus more on causing terror and disruption within an ‘enemy’ state and can, therefore, potentially target critical power distribution plants, telecommunication utilities and other infrastructure. Others seek to extract private and sensitive personal information (e.g. from cloud photos or chats, Facebook, Twitter, Instagram, etc.) for blackmail purposes. Finally, organised crime groups and cartels sponsor APTs to attack banks and other financial institutions for financial gain.
Security Challenges: What should you be preparing for in 2022/23?
Over the last couple of years, the acceleration of digital warfare and cyber espionage has been exponential. Recent geopolitical clashes, civil unrest, and the COVID-19 pandemic have all contributed to increasing attempts by organised cybercriminals, hacktivists and state-sponsored hackers to infiltrate data centres, organisations and critical national infrastructure to steal large sums of money, exfiltrate sensitive information, and create havoc.
Data and intelligence suggest that the biggest challenges for 2022/23, heavily influenced by the Russo-Ukrainian war, will include, inter alia, the following:
Fusion Intelligence - The New Intelligence Doctrine to proactively identify security threats
Fusion Intelligence Cyber Defence is a new Intelligence Doctrine that merges the old approach of physical security with contemporary digital threat prevention. This novel doctrine aims to allow the real-time monitoring of information to help your organisation proactively identify potentially harmful threats, risks, compromised access points, violent incidents, customer issues and reputational risks.
The contemporary threat intelligence market is primarily driven by the increasing degree of customisation and uniqueness in the attack techniques employed by cybercriminals, which leave sensitive data and information compromised and vulnerable. The problem is compounded by the sharp increase in the volume of data generated by different enterprises over the last decades.
When a potential threat surfaces online, analysts need to validate it and investigate further. Analysing related content, performing complex link analysis, and understanding the context of the threat can help establish whether the potential threat is real.
An “out-of-the-box” proactive security approach will secure your company’s financial assets, protect your valuable business reputation, and reinforce your brand integrity. The dramatic global spike in corporate fraud incidents – including, inter alia, supply chain cyber-attacks, ransomware intrusions, industrial control system cyber-attacks, business espionage and security breaches at international events – means that it is high time bold actions are taken and corporate and cyber shields are raised to ensure that you, your organisation, your employees, and your clients are all protected from cybercriminals, hacktivists and other malicious intruders.
How TORI can help
We have developed a global Risk Management Framework for the purpose of supporting organisations in forming a comprehensive understanding of cybersecurity risk and managing those risks in a holistic and interconnected way that is fit for the future.
Our approach considers cybersecurity operations, both internal and external (e.g., third parties), as one of the critical components of your Operational Resilience programme.
- Advisory Services
  - Cybersecurity Independent Assessment: To ensure that your cybersecurity ecosystem is sufficient, TORI provide an independent assessment of your security maturity and compliance with standards, to identify possible gaps in your defences
  - Application Security: Application security is the cornerstone of effective cybersecurity. We provide training, manual source code reviews, and pen-testing to help protect your business applications and infrastructure
  - Subject-Matter-Expert (SME) services: TORI have a pool of cybersecurity SMEs with a wealth of experience within the cybersecurity domain, who can be deployed on a flexible basis to help your organisation overcome its security challenges
- Development & Implementation
  - Finding the right people with the right skillset is a challenge. By utilising the TORI pool of experienced cybersecurity associates, we can provide rigorous support and upskilling to your internal teams to assist with your challenges and enrich your organisation’s knowledge repository
- Real-Time Monitoring Services
  - Threat hunting & Intelligence: This is a 24/7 activity, and the best way to respond to an attack is to prevent it from happening. Our Threat Intelligence team will monitor the risks that your organisation is exposed to, such as third parties, leaked credentials, and corporate activity
  - Monitoring: Real-time monitoring & data analytics to identify & report a breach. This is an important element of any security operation, and one whose importance is heightened by the requirements of emerging legislation
  - Identification Solutions: With 81% of hacking-related breaches emanating from stolen and/or weak passwords, a more secure solution is required: real-time AI-driven Identity and Authentication Solutions that confirm the user’s identity, whether at the workplace or at home
- Training & Education
  - We provide a range of cyber training offerings, from Cyber Essentials, Ethical Hacking and Application Developer Training, right through to programmes which use the Information Security policy as a means of identifying training gaps. Such training includes testing and certification, followed up with controlled spear phishing to test the adoption of the policy, with appropriate further follow-up activities (e.g. a requirement for further training)