The Most Famous Advanced Persistent Threats in History
|
 |
|
The earliest published attack on military research establishments was detected as far back as the late 1980s when West German hackers penetrated networked computers in California to steal secrets relating to the “Star Wars” program.
A fascinating account of this particular set of attacks is related in the 1989 book The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, by Clifford Stoll, a computer manager at the Lawrence Berkeley National Laboratory, who stumbled across the activity when investigating a minor accounting discrepancy in the computer usage accounts.
Stoll discovered that the intrusion was coming from a university in West Germany across a satellite link. He set up a trap with enticing details of a fictional Star Wars contract, enabling the West German authorities to locate the hacker, a student called Markus Hess, who had been selling the stolen information to the Soviet KGB. Hess was tried and found guilty of espionage in 1990 and sent to prison.
The incident helped raised awareness across the intelligence and security communities of the potential for offensive attacks as well as the vulnerability of networked computers to compromise. It was a portent for future attacks that would materialize in years to come.
Many of today’s most destructive advanced persistent threats (APTs) were conceived a decade ago, so enterprises that rely on most traditional approaches to cybersecurity are unlikely to succeed against the next generation of attacks. This is one of the cautions in a new book published by global IT association ISACA in cybersecurity awareness month.
Advanced Persistent Threats: How to Manage the Risk to Your Business advises that traditional defenses such as firewalls and anti-malware are not up to the challenge of today’s APTs and that organizations need to add skills, processes and technology to their cybersecurity arsenal.
While new tools are needed to combat ever changing security threats, it is helpful to examine the history of the APT, because it is possible to derive many important lessons for defending against them in the future. The earliest use of the term “advanced persistent threat” emerged from the U.S. government sector in 2005, describing a new, deceptive form of attack that targeted selected employees and tricked them into downloading a file or accessing a website infected with Trojan horse software. This slideshow summarizes known facts, anecdotal evidence and reported claims behind some of the most well known attacks experienced over the last 15 years.
Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance
PAM Solutions: Critical to Securing Privileged Access
To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ... More >>
How Can We Fix the Fake News Problem?
Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ... More >>
The World According to Blockchain
Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ... More >>