Top Threat #10 to Cloud Computing: Organized Crime, Hackers, and APT
Written by the CSA Top Threats Working Group.
The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloads, supply chains, and new technologies shifted the cloud security landscape.
What are Advanced Persistent Threats (APTs)?
Advanced persistent threats (APTs) is a broad term used to describe attack campaigns in which an intruder establishes an illicit, long-term presence on a network to mine highly sensitive data. These teams can include nationstates as well as organized criminal gangs.
APTs have established sophisticated tactics, techniques, and protocols (TTPs) to infiltrate their targets. Since it is not uncommon for APT groups to spend months undetected in a target network, this extended time allows them to move laterally toward highly sensitive business data or assets.
How to Protect Against APTs
Historically, APT groups have favored particular industries or organizations. APT groups out of Iran specifically target the energy and aviation sector.
Organizations can better protect themselves by conducting red teaming exercises to simulate the behavior of APT groups. Cyber exercises can allow organizations to test and improve their cyber detection capabilities against various TTPs associated with ATP groups. Organizations should also conduct threat hunting activities to attempt to detect the presence of APTs in their networks.
The motivations of APT groups vary and differ from one group to another. Some are politically motivated while others are part of an organized crime group. To understand the business impact, an organization must conduct a business impact analysis on its information assets. This allows the organization to understand how and why an APT group might target them and what the potential business impacts of a security breach could be.
What Are the Key Takeaways?
Here are some key takeaways to consider:
- Conduct a business impact analysis on your organization to understand your information assets.
- Participate in cybersecurity information sharing groups to understand any relevant APT groups and their TTPs.
- Conduct offensive security exercises to simulate the TTPs of these APT groups and ensure security monitoring tools are tuned for detection.
In April 2022, malware hunters at Broadcom’s Symantec division spotted signs that a long-running cyber espionage campaign linked to Chinese nation-state hackers were now going after managed service providers (MSPs) with a more global footprint.
Learn more about this threat and the other 10 top threats in our Top Threats to Cloud Computing Pandemic Eleven publication.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.