The recent revelation that Russia may have hacked into the Democratic National Committee’s (DNC) email database has brought the topic of Advanced Persistent Threats (APTs) back to the forefront for cyber security experts around the business world.
According to a Reuters report, U.S. Democratic presidential candidate Hillary Clinton has stated that Russian intelligence services were behind a sophisticated attack that saw thousands of internal emails stolen. Although these accusations have been refuted by Russian officials, the issue remains unresolved, which is significant for two reasons.
Firstly, even if the Russians aren’t involved, as Israel’s intelligence forces suggest, the latest hack shows the danger APTs can pose to powerful government agencies. Secondly, if a major entity like the DNC has trouble dealing with APTs, then businesses around the world need to take the threat extremely seriously.
Given the complexity of an APT, big businesses are usually the target for hackers, and any company that falls victim to an attack can find its bottom line in serious trouble. As outlined by the Ponemon Institute’s 2015 Cost of Data Breach Study, the average financial impact of a breach is now $3.79 million. Surveying 350 companies in 11 countries, the study found that the cost of an attack had jumped 23% in two years.
A Three-Stage Threat
Analysing the basics of an Advanced Persistent Threat (APT), Imperva Incapsula breaks down a successful attack into three stages:
- Expansion of the attacker’s presence
- Extraction of amassed data
Using a combination of malicious uploads and injected input (such as SQL injection), Trojans and backdoor shells, and then DDoS attacks (to act as a distraction), hackers can enter and extract data from a target site virtually undetected. Indeed, one of the reasons APTs are so effective is that the distraction tactics often mean the real threat isn’t discovered until it’s too late.
By this point, the victim is forced to piece together a mass of information in order to trace the intrusion back to the attacker. Indeed, this is something the DNC is now facing. Even if Russian forces had something to do with the incident, it will take many weeks, and potentially months, for the DNC’s security experts to determine the source of the email hack.
WAFs More Important than Ever
While political parties and governments will have their own means of protecting their servers, businesses wanting to avoid a similar fate should use web application firewalls (WAFs) to bolster their defences. When used in conjunction with security hardware, WAFs provide a vital layer of protection against APTs.
By using traffic monitoring to guard against SQL injection, offering provisions for access control (restricting employees’ system access for their own protection) and more, WAFs can help protect businesses from APTs. Of course, if the DNC can fall victim to advanced hackers, anyone can. Indeed, the DNC’s email breach should serve as a warning to all businesses out there, regardless of how secure they believe their systems are.
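The WAF-style traffic monitoring described above, and the distraction tactic from the three-stage breakdown, as an added illustration that is not part of the original article or any Imperva product: a small monitor that decodes each request, flags SQL-injection probes and backdoor-shell uploads, and still raises those alerts when one source is flooding the site. The log lines, IP addresses, rule patterns and the flood threshold are all constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Constructed access-log excerpt (not from the article): a flood of requests from
# one source distracting from a SQL-injection probe and a backdoor-shell upload.
SAMPLE_LOG = "\n".join(
    ["203.0.113.9 GET /index.html 200"] * 12
    + ["198.51.100.7 GET /products?id=1'%20OR%20'1'%3D'1 200",
       "198.51.100.7 POST /upload?file=cmd.php 200",
       "192.0.2.4 GET /products?id=42 200"]
)

# Rules a WAF's traffic monitor would apply to the decoded query string.
SQLI_RULES = [
    re.compile(r"'\s*or\s*'[^']*'\s*=\s*'", re.I),  # ' OR '1'='1 style tautology
    re.compile(r"\bunion\s+select\b", re.I),
    re.compile(r";\s*drop\s+table\b", re.I),
]
SHELL_EXTENSIONS = (".php", ".jsp", ".aspx")  # server-side script uploads
FLOOD_THRESHOLD = 10  # requests from one source within the sampled window

def parse_line(line):
    """Split 'ip method target status' and URL-decode the query string."""
    ip, method, target, status = line.split()
    parts = urlsplit(target)
    return {"ip": ip, "method": method, "path": parts.path,
            "query": unquote(parts.query), "status": int(status)}

def classify(req):
    """Return the rule tags a request trips (empty list when it looks benign)."""
    tags = []
    if any(rule.search(req["query"]) for rule in SQLI_RULES):
        tags.append("sqli")
    if (req["method"] == "POST" and req["path"].startswith("/upload")
            and req["query"].lower().endswith(SHELL_EXTENSIONS)):
        tags.append("shell-upload")
    return tags

def analyse(log_text):
    """Report flooding sources and every rule hit, flood or not."""
    reqs = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    per_ip = Counter(r["ip"] for r in reqs)
    flood = {ip for ip, n in per_ip.items() if n >= FLOOD_THRESHOLD}
    # Alerts are raised on rule hits regardless of the flood, so the
    # distraction traffic does not bury the few targeted requests.
    alerts = [(r["ip"], r["path"], classify(r)) for r in reqs if classify(r)]
    return {"flood_sources": flood, "alerts": alerts}
```

Run `analyse(SAMPLE_LOG)` to see the flooding source reported separately from the two targeted requests; in practice the rule set, the window and the threshold would come from the WAF's own configuration.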