Identifying An Advanced Persistent Threat

27 December, 2016

Advanced persistent threats (APTs) pose a major network security challenge for businesses. These attacks are very well organized and involve the use of phishing techniques to trick users into downloading malware onto their computer systems. However, the ultimate objective of an advanced persistent threat attack goes far beyond compromising network security. It aims at stealing the company's valuable data, such as project details, business contracts, patent information and sales data.

Advanced persistent threats generally work stealthily and can go undetected for long periods of time, which makes it even more important to employ the necessary security procedures. Though these attacks are difficult to detect, there are certain signs that indicate that your network has been compromised:

Presence of widespread backdoor Trojans

In an advanced persistent threat, the hackers install various backdoor Trojans so that they keep access to the target computer system even if the log-in credentials are changed. These Trojans are commonly deployed through social engineering techniques, mainly through a phishing email or drive-by download.

Unexpected information flows

If you notice an unexpected and enormous flow of information from your corporate network to other internal or external computer systems, this may indicate an advanced persistent threat. As these attacks are targeted at stealing confidential information about the company, even a limited amount of unauthorized data transfer should not be overlooked.

Increase in late-night log-in attempts

If you notice a sudden, large number of log-in attempts on your official email accounts, it may indicate an advanced persistent threat. Such attempts may be aimed at compromising the security of your entire corporate network. The hackers mainly breach accounts outside the normal working hours of your employees or late at night.
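
One way to check for this sign, as an added example that is not part of the original article: the script counts log-in attempts per account made outside working hours and flags any account that exceeds a threshold in a single night. The log format, working hours, threshold and sample lines are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed policy values (not from the article).
WORK_START, WORK_END = 8, 18   # working hours 08:00-17:59, Monday to Friday
THRESHOLD = 3                  # off-hours attempts per account per night

# Constructed sample log: ISO timestamp, account, source IP, result.
SAMPLE_LOG = """\
2016-12-20T09:14:02 alice@example.com 198.51.100.7 SUCCESS
2016-12-20T23:41:10 bob@example.com 203.0.113.9 FAIL
2016-12-21T01:02:33 bob@example.com 203.0.113.9 FAIL
2016-12-21T01:02:58 bob@example.com 203.0.113.9 FAIL
2016-12-21T01:03:20 bob@example.com 203.0.113.9 SUCCESS
2016-12-21T07:55:00 carol@example.com 198.51.100.8 SUCCESS
2016-12-24T11:00:00 alice@example.com 198.51.100.7 SUCCESS
"""

def is_off_hours(ts):
    """True on weekends and outside WORK_START..WORK_END on weekdays."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def night_of(ts):
    """Attempts after midnight belong to the night that began the evening before."""
    return (ts - timedelta(days=1)).date() if ts.hour < WORK_START else ts.date()

def off_hours_spikes(log_text, threshold=THRESHOLD):
    """Return (account, night, attempts, any_success) for each flagged account."""
    counts, succeeded = Counter(), set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue                      # skip unparseable timestamps
        if not is_off_hours(ts):
            continue
        key = (parts[1], night_of(ts))
        counts[key] += 1
        if parts[3] == "SUCCESS":
            succeeded.add(key)            # a success after failures deserves review first
    return sorted((acct, str(night), n, (acct, night) in succeeded)
                  for (acct, night), n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for hit in off_hours_spikes(SAMPLE_LOG):
        print(hit)
```

Grouping by night rather than by calendar date keeps a burst that straddles midnight in one bucket, so it is not split below the threshold.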

Use of pass-the-hash hacking technique

Pass-the-hash is a common hacking technique in which cybercriminals capture the password hash of the admin account and use it to connect remotely to your company's internal network. With the hash, they can easily gain access to the entire network without having to crack the original password.

Unexpected data bundles

Advanced persistent threats often accumulate confidential data inside the network before transmitting it to the hacker. The data may be found in an unidentified file or folder where it would not normally be stored. The files are most often saved in a compressed or archived format.

We, at Centex Technologies, are a leading IT security consulting firm in Central Texas. For more information and prevention tips for advanced persistent threats, you can call us at (855) 375 – 9654.
