Security experts are seeing an increase lately in advanced persistent threats, malicious software that has no known signature or known pattern of behavior.

These threats lurk unseen in servers, applications and databases and are very difficult to detect. They often are created by nation-states or companies affiliated with them, they can change their own appearance and migrate from server to server seeking confidential information, they can establish communication with their creators, and they can wait stealthily and patiently until conditions are just right to attack.

"The first victim is patient zero," notes Samuel Visner, vice president and cyber lead executive at Computer Science Corp. of Falls Church, Va., and a former security official with the federal government.

The thieves are after not just bank or card-account information, but also intellectual property, such as product development or marketing plans and corporate strategy. This information is valuable not only to an economic competitor but to a nation-state that has some kind of relationship with companies that owe sovereign allegiance to that government, Visner says.

"The Office of the National Counter-Intelligence Executive says foreign governments are in fact collecting this intelligence, doing what we call network exploitation," he says. "And they are collecting information from U.S. and other Western commercial enterprises. They're doing this because it gives them economic clout, which today is a component of geo-strategic clout."

The National Science Foundation estimated the value of research and development in the U.S. at $4 billion in 2008, about 2.8% of the U.S. gross domestic product. "If somebody were to steal that, they would get all of the benefit and not have to pay any of the cost," Visner says.

It's too soon in the investigation to tell if the Global Payments data breach earlier this month falls under this category, but financial institutions are targets of such attacks (see story).

Advanced persistent attacks put sophisticated malware on a company's systems through a social engineering or phishing-type attack, with incredible persistence and detail, Wansley says. A country might dedicate 100,000 people to such a project, who will build detailed personal profiles on the individuals they're going after.

"They'll social engineer to the point where they know great details about people, who their colleagues are, and they'll send them a very innocuous email that looks like it's coming from your boss or best friend and says, 'Here's a picture of us together last weekend,'" Wansley says.

The email may be legitimate, but the picture could have malware on it and make the recipient an unwitting insider.

The malware learns about vulnerabilities inside a company's systems, collects intelligence, and seeks intellectual property or sensitive data. It has the potential to encrypt that information, copy it and send it out at night when it's less noticeable in an encrypted packet.

"You may see an increase in volume of data leaving at night but you don't know what it is," Wansley says.
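The off-hours egress pattern Wansley describes can be turned into a simple per-host baseline check. The following is an added example, not code from the article or from any organization it mentions, run over constructed flow records; the night window, the multiplier and the byte floor are assumed tuning values:

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample egress flow records (timestamp, internal host, bytes sent);
# made-up values for illustration, not from any real network.
FLOWS = [
    ("2012-04-01 01:15:00", "10.0.0.12", 80_000),
    ("2012-04-01 13:00:00", "10.0.0.12", 52_000_000),  # daytime traffic: ignored
    ("2012-04-02 02:40:00", "10.0.0.12", 95_000),
    ("2012-04-03 03:05:00", "10.0.0.12", 110_000),
    ("2012-04-04 02:00:00", "10.0.0.12", 1_400_000),  # same night, two bursts
    ("2012-04-04 04:30:00", "10.0.0.12", 1_000_000),
    ("2012-04-01 00:20:00", "10.0.0.25", 50_000),
    ("2012-04-02 00:20:00", "10.0.0.25", 50_000),
    ("2012-04-03 00:20:00", "10.0.0.25", 50_000),
    ("2012-04-04 00:20:00", "10.0.0.25", 50_000),
]

NIGHT_HOURS = range(0, 6)  # assumption: 00:00-05:59 local time counts as "night"


def nightly_egress(flows):
    """Sum bytes sent per host per calendar night, keeping only off-hours flows."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, host, nbytes in flows:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if t.hour in NIGHT_HOURS:
            totals[host][t.date().isoformat()] += nbytes
    return totals


def flag_night_outliers(flows, factor=5.0, floor=1_000_000):
    """Return (host, night, total, baseline) for nights whose off-hours egress
    exceeds `factor` times the median of that host's other nights and also the
    `floor` in bytes; the floor keeps quiet hosts from alerting on noise."""
    flagged = []
    for host, nights in nightly_egress(flows).items():
        for night, total in nights.items():
            others = [v for d, v in nights.items() if d != night]
            if len(others) < 2:
                continue  # not enough history to form a baseline
            baseline = median(others)
            if total >= floor and total > factor * baseline:
                flagged.append((host, night, total, baseline))
    return sorted(flagged)


if __name__ == "__main__":
    for host, night, total, baseline in flag_night_outliers(FLOWS):
        print(f"{host} {night}: {total} bytes at night vs baseline {baseline}")
```

Because the payload is encrypted, the check keys on volume and timing rather than content, which is exactly the signal the quote above points to.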
