Anatomy Of A Targeted, Persistent Attack
A new report published today sheds light on the steps ultra-sophisticated attackers take to gain a foothold inside governments and company networks and remain entrenched in order to steal intellectual property and other data. The bad news is these attacks -- including the recent ones on Google, Adobe, and other companies -- almost always are successful and undetectable until it's too late.
The so-called advanced persistent threat (APT) attack model and case studies outlined in the report from forensics firm Mandiant are based on real-world attacks Mandiant has probed during the past seven years in the government and private industries. Though the report describes the brand of attack that hit Google, Adobe, and 20 to 30 other organizations, Mandiant wouldn't comment on whether its forensics experts are involved in the so-called Aurora attack that allegedly came out of China.
Most of the APT attack cases that Mandiant has worked on for the past few years have had ties to China: "The vast majority of APT activity observed by MANDIANT has been linked to China," the report says. And existing security tools are no match for these attacks -- only 24 percent of the malware used in the attacks Mandiant has investigated were detected by security software, the report says.