Dark Reading: The Changing Face Of Advanced Persistent Threats

APTs and targeted attacks are becoming more mainstream. Is your enterprise ready?

By Robert Lemos
August 19, 2013

Earlier this year, a small aerospace company asked AccessData, a forensics and security firm, to investigate how its data had ended up on file-sharing service Box.com. The firm, which AccessData declined to identify, had received a call from the file-sharing service's sales team asking if it wanted to upgrade its accounts to Box's enterprise service.

The only problem: The aerospace company had never signed up for Box.

AccessData's investigation revealed that malware had compromised the systems of six employees at the company and created accounts for each of them on the cloud service. From there, the attackers uploaded and downloaded data. "Traffic going to Box.com seems pretty innocuous, so from the attacker's perspective, this is brilliant," says Jordan Cruz, senior forensic consultant for AccessData.

This type of targeted attack, sometimes filed under the heading advanced persistent threats (APTs), is increasingly being used to gain access to proprietary and confidential enterprise data. Attackers are refining their tactics, sometimes using public cloud services to bypass monitoring that flags suspicious traffic. AccessData isn't the only security company to identify such tactics; threat intelligence firm CyberSquared announced last month its discovery that a Chinese espionage group, known as the Comment Crew or APT1, had used Dropbox as an intermediate online cache for delivering malware.

Click the URL above to read the full article