On December 13, 2020, Cybersecurity & Infrastructure Security Agency (CISA) issued its fifth ever Emergency Directive. The agency instructed all national networks to disconnect products from SolarWinds’ Orion. 

Network defenders from federal and civilian agencies took immediate action with mitigation strategies. Attackers had already broken into the systems of more than 100 private companies and government agencies. CISA later confirmed that the widespread breach began as the work of an Advanced Persistent Threat (APT) actor.

APTs are stealthy and sophisticated. In an APT attack, cybercriminals gain access to an organization’s network using spear phishing or other social engineering processes. Attackers expand their clandestine presence within the network for a period known as “dwell time,” probing for sensitive information, and conceal any traces of their activities. Conventional defenses and security measures (e.g., firewalls, antivirus, intrusion detection/prevention systems) cannot always detect these evolving threats.

APTs are also expensive exploits for their victims. According to a SolarWinds quarterly report, the Orion breach cost the company at least $40 million . On top of that, a 2021 Cybersecurity Impact Report estimated that affected suppliers lost 11 percent of their annual revenue, on average.

A proactive and layered cybersecurity approach is vital to thwarting and limiting the potential impact of APTs. Organizations should minimize damage by developing APT-specific strategies and refining them as new threats emerge. Below are examples of processes and tools that should be included in an effective strategy.

 

Implement Up-to-Date Best Practices

A recent Executive Order from the White House outlined critical best practices organizations should use to minimize their cybersecurity risks, including multi-factor authentication, endpoint detection and response, encryption, and a security team.

 

APT User Security Awareness Training

Around 90 percent of APTs begin with social engineering, such as spear phishing. In spear phishing, an attacker sends a targeted email to your company and entices the prey to click a malicious link or attachment. This single click downloads a file that becomes the access point to that workstation. Consequently, it allows the attacker to move laterally within the network and gain increasingly privileged access. Instead, providing employees with consistent security awareness training lessens the likelihood that a simple oversight will become a binding blunder.

 

Network Access Control (NAC) and Identity and Access Management (IAM)

Tight access control policies and parameters can stop attackers from moving across a network through unsecured devices. If a device is outdated, unpatched, or otherwise noncompliant, a NAC solution will block access to the device, forcing an attacker to move on. Similarly, effective IAM will prevent an attacker from using stolen credentials to gain further system access.

 

APT Simulation Testing

A cybersecurity expert can simulate an actual attack on your network to allow your organization to understand its risks and vulnerabilities. This long-term testing will allow you to develop a more robust security posture supported by strong cyber processes, prevention, and detection technologies.

 

Preparation and perseverance are essential to successfully thwarting and limiting the potential damage of APTs. Enterprise-wide awareness training, adequate security controls, and APT simulation testing will help organizations reduce their breach risk. For more information about APTs and how to defend against them, read about Securance’s APT simulation testing services here.