
APT attackers getting more evasive, even more persistent

John P. Mello Jr. | April 9, 2013
Fear of discovery fuels sneakier tactics by writers of persistent malware

That can be precarious because if a machine is rebooted, the malware will disappear. However, Silva explained, "In a large enterprise, you can often find a server that's on 24 hours a day."

Jon Clay, a senior manager at Trend Micro in Cupertino, Calif., agreed that data bandits are getting more adept at covering their tracks after compromising a system. "The bad guys have added a maintenance phase to allow them to remain persistent a lot longer," he said.

"A lot of that involves cleaning up after they're done with a system," he continued. "As they move from one system to another, they're going to wipe their tracks from a previous machine.

"That's happening on a regular basis," he added.

On the plus side for defenders, awareness of APTs has risen over the last year due to some high-profile incidents -- notably the attacks on major U.S. media outlets -- and comments by high-ranking government officials, including President Barack Obama.

"A year ago, these things were happening and they weren't talked about very much," George Tubin, a senior security strategist with Trusteer in Boston, said in an interview. "Enterprises found compromised computers and would keep quiet about it.

"We still see a lot of that today," he continued, "but more and more institutions are becoming more public when they do discover APTs."

 
