Archive for 8th February 2010

Cyber security – how the Google attack can teach us something

I’ve been following the news related to Google and GMail getting hacked since the day it was discovered but as cyber security is not my forte, I didn’t fully understand it and more to the point, didn’t think I ever would. Thankfully, Kim Zetter, reporting for WIRED, does an excellent job of explaining "Advanced Persistent Threats" (APT) to the rest of us. Here are just a few points from the article …

… the attacks are distinctive in the kinds of data the attackers target, and they are rarely detected by antivirus and intrusion programs … the intrusions grab a foothold into a company’s network, sometimes for years, even after a company has discovered them and taken corrective measures

… The attackers were in the firm’s network for a year before the [law] firm learned from law enforcement that it had been hacked. By then, the intruders harvested thousands of e-mails and attachments from mail servers.

… Mandiant has seen malware and backdoors that were programmed to lay dormant for months — more than a year in one case — before awakening and sending a beacon to an external command center signaling that it was alive — long after the company thought it had eradicated the intruders.

The article outlines the process of attack …

    • the attackers conduct reconnaissance to identify workers to target in spear-phishing attacks … then send malicious e-mails or instant messages that appear to come from a trusted colleague or friend

    • the e-mails have an attachment or link to a ZIP file containing zero-day malware that exploits Microsoft Office or Adobe Reader vulnerabilities. They focus on obtaining elevated access privileges to burrow further into the network

    • stolen e-mail messages and documents are collected and stored on a staging server inside the company’s network before being encrypted with custom algorithms and compressed into an .rar file.

    • the files are then siphoned out in small random bursts generally via normal protocols
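The last two steps are the ones a defender can actually look for in the logs they already have: data that leaves "in small random bursts" over ordinary web traffic still adds up, over hours or days, to a volume and a pattern that one workstation would not normally send to a single outside host. Below is an added illustration of that idea, not code from the Wired article or from Mandiant. The proxy-log format, the sample lines and the thresholds are all constructed for the example; a real deployment would read its own proxy or firewall logs and tune the numbers to its own traffic baseline.

```python
"""Toy "low and slow" exfiltration check over outbound web-proxy logs.

Constructed example: the log format, sample lines and thresholds are
invented here for illustration and do not come from any real product.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <src_ip> <method> <dest_host> <bytes_sent>".
# 10.1.4.22 makes six ~50 KB POSTs to one rarely used external host across a working
# day; everything else is ordinary intranet use, one big mail upload, and a shared
# storage site used by several hosts.
SAMPLE_LOG = """\
2010-02-08T09:00:12 10.1.4.22 POST cdn.example-update.net 48120
2010-02-08T09:00:40 10.1.4.22 GET  intranet.corp.example 512
2010-02-08T09:05:10 10.1.4.23 POST intranet.corp.example 2048
2010-02-08T09:30:00 10.1.4.22 POST mail.corp.example 2400000
2010-02-08T10:13:05 10.1.4.22 POST cdn.example-update.net 51033
2010-02-08T11:47:50 10.1.4.22 POST cdn.example-update.net 49902
2010-02-08T12:00:00 10.1.4.30 POST drive.example-storage.com 80000
2010-02-08T12:05:00 10.1.4.31 POST drive.example-storage.com 90000
2010-02-08T12:10:00 10.1.4.32 POST drive.example-storage.com 70000
2010-02-08T13:02:18 10.1.4.22 POST cdn.example-update.net 50477
2010-02-08T14:36:41 10.1.4.22 POST cdn.example-update.net 52208
2010-02-08T16:58:03 10.1.4.22 POST cdn.example-update.net 47615
"""

# Thresholds (constructed; tune to your own baselines).
MIN_UPLOADS = 5            # at least this many separate outbound transfers
MAX_CHUNK_BYTES = 100_000  # each one small enough to pass as ordinary web traffic
MIN_TOTAL_BYTES = 200_000  # but adding up to a volume worth asking about
MIN_SPAN_HOURS = 4.0       # spread over a long window, not one session
RARE_DST_MAX_SOURCES = 2   # destination that very few internal hosts talk to


def parse_log(text):
    """Parse the constructed proxy-log format into a list of records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, method, dst, nbytes = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "method": method.upper(),
            "dst": dst,
            "bytes": int(nbytes),
        })
    return records


def find_low_and_slow(records):
    """Return (src, dst) pairs whose uploads look like chunked, drawn-out exfiltration."""
    uploads = defaultdict(list)        # (src, dst) -> [(timestamp, bytes), ...]
    sources_per_dst = defaultdict(set)  # dst -> set of internal hosts using it
    for r in records:
        sources_per_dst[r["dst"]].add(r["src"])
        if r["method"] == "POST":
            uploads[(r["src"], r["dst"])].append((r["ts"], r["bytes"]))

    findings = []
    for (src, dst), xfers in uploads.items():
        if len(xfers) < MIN_UPLOADS:
            continue  # one big upload is a different (and noisier) pattern
        if any(b > MAX_CHUNK_BYTES for _, b in xfers):
            continue  # chunks are deliberately small in the pattern we want
        total = sum(b for _, b in xfers)
        if total < MIN_TOTAL_BYTES:
            continue
        times = sorted(t for t, _ in xfers)
        span_hours = (times[-1] - times[0]).total_seconds() / 3600
        if span_hours < MIN_SPAN_HOURS:
            continue
        if len(sources_per_dst[dst]) > RARE_DST_MAX_SOURCES:
            continue  # a site many hosts use is more likely a sanctioned service
        findings.append({
            "src": src,
            "dst": dst,
            "uploads": len(xfers),
            "total_bytes": total,
            "span_hours": round(span_hours, 2),
        })
    return findings


if __name__ == "__main__":
    for f in find_low_and_slow(parse_log(SAMPLE_LOG)):
        print(f"{f['src']} -> {f['dst']}: {f['uploads']} uploads, "
              f"{f['total_bytes']} bytes over {f['span_hours']} h")
```

Run on the constructed log, the script reports only the 10.1.4.22 to cdn.example-update.net pair: six uploads under 100 KB each, about 300 KB in total, spread over nearly eight hours, to a host no other workstation uses. The single 2.4 MB mail upload and the storage site shared by three hosts fall through the checks, which is the point: volume alone does not separate this traffic from normal use, the combination of small size, long duration and a rare destination does. Because the article notes that the files were encrypted with custom algorithms before leaving, content inspection would not have helped here; the behavioural shape of the traffic is what remains observable.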

Read the full article @ "Report Details Hacks Targeting Google, Others", Wired.com