For the third piece in our hedge fund security series, we will be discussing advanced persistent threats (APTs). Advanced persistent threats are a set of continuous computer hacking processes that often target businesses for moral, political or business reasons. APTs are almost always carried out by humans, and the motives behind these types of threats make hedge funds and other investment management firms a prime target.
The main purpose of an APT is to steal critical data from a company, rather than to cause visible destruction or damage to a network. In an APT attack, the hacker enters the network without being noticed and remains there for an extended length of time, spying and stealing a firm’s information. In a typical attack, a cyber-criminal attempts to enter and cause destruction to the network quite quickly in order to avoid being caught by network security or intrusion detection systems (IDS). In comparison, APT attacks go unnoticed for long periods of time, so it is even more essential that you implement the correct policies, procedures, and hardware to keep your firm protected.
How does an attack work?
APTs are incredibly complex and often rely on other methods, including spearphishing or voice phishing, to gain initial network access. During an APT attack, a hacker aims to establish persistent access to the network so that they can gather private data over time. Cyber criminals typically gain access to the network through what appear to the victim to be legitimate means, such as by posing as an IT department employee through email or over the phone, and then remotely gaining access to the network. Once the criminal gains network credentials, they plant themselves on the network, developing new access points that are not detected by conventional security methods. Because these types of attacks can go undetected for extended lengths of time, the potential damages can be extreme, totaling an average of several thousands of dollars in lost assets.
Signs and symptoms
Although APTs can be difficult to detect, they are not impossible to detect. There are warning signs and symptoms that may suggest your firm has been hit with an attack. These include odd network behavior, such as increased activity late at night and changes in the movement of network data. It is important that your firm has an individual in place for managing internal security processes, establishing incident response plans, conducting network monitoring, and providing company-wide training sessions on security best practices. The best way for firms to thwart APTs and other cyber threats is by having the right protection methods in place.
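The two warning signs named above, late-night activity and a change in how much data moves, can be checked against outbound traffic records. The sketch below is an added example, not part of the original article; the record format, business hours, thresholds and host names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumptions (not from the article): business hours, thresholds, record layout.
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 on weekdays counts as normal hours
RATIO = 5                       # flag at 5x the host's usual off-hours volume
MIN_BYTES = 50_000_000          # ignore off-hours totals below 50 MB to cut noise

# Constructed sample records: (timestamp, internal host, bytes sent outbound)
SAMPLE_FLOWS = [
    ("2024-03-04T10:15:00", "ws-014", 120_000_000),   # daytime, not counted
    ("2024-03-04T23:40:00", "ws-014", 4_000_000),
    ("2024-03-05T02:10:00", "ws-014", 6_000_000),
    ("2024-03-06T22:05:00", "ws-014", 5_000_000),
    ("2024-03-07T01:30:00", "ws-014", 900_000_000),   # late-night spike
    ("2024-03-04T01:00:00", "srv-backup", 800_000_000),
    ("2024-03-05T01:00:00", "srv-backup", 820_000_000),
    ("2024-03-06T01:00:00", "srv-backup", 790_000_000),
    ("2024-03-07T01:00:00", "srv-backup", 810_000_000),
]

def off_hours_totals(flows):
    """Sum outbound bytes per (host, calendar day) for traffic outside business hours."""
    totals = defaultdict(int)
    for ts, host, nbytes in flows:
        t = datetime.fromisoformat(ts)
        if t.hour not in BUSINESS_HOURS or t.weekday() >= 5:
            totals[(host, t.date())] += nbytes
    return totals

def flag_anomalies(flows):
    """Flag days whose off-hours volume is far above that host's own earlier days."""
    per_host = defaultdict(list)
    for (host, day), nbytes in sorted(off_hours_totals(flows).items()):
        per_host[host].append((day, nbytes))
    alerts = []
    for host, days in per_host.items():
        for i, (day, nbytes) in enumerate(days):
            history = [b for _, b in days[:i]]
            if len(history) < 3:        # need a baseline before judging a day
                continue
            baseline = median(history)
            if nbytes >= MIN_BYTES and nbytes > RATIO * baseline:
                alerts.append((host, day.isoformat(), nbytes, baseline))
    return alerts

if __name__ == "__main__":
    for host, day, nbytes, baseline in flag_anomalies(SAMPLE_FLOWS):
        print(f"{day} {host}: {nbytes} bytes off-hours (usual {baseline})")
```

Comparing each host against its own history keeps a backup server that moves large volumes every night from drowning out a workstation that suddenly starts doing so.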