Many of the CISOs I talk to tell me that “Advanced Persistent Threats” (APT) style attacks are among their top concerns. As I have written about before, the problem with the term APT is that it doesn’t describe this category of threats very accurately. This makes it harder to understand and mitigate this type of threat. Many of the threats we see in this category are not any more “advanced” or technically sophisticated than many of the broad-based attacks currently in use on the Internet. At Microsoft we find that a more accurate and useful term for this category of threat is “targeted attacks by determined adversaries”. The vast majority of these attacks use unpatched vulnerabilities for which updates are available, weak passwords, and social engineering to compromise systems.
Microsoft has released a series of whitepapers that are designed to help organizations understand and manage the risk posed by targeted attacks by determined adversaries. These papers include:
In addition, we are publishing a short series of videos that introduce many of the topics covered in these papers. In the videos I’m joined by subject matter experts, including the CISO of Microsoft, to discuss these threats and possible mitigations. The series includes the following videos:
Introduction to Determined Adversaries and Targeted Attacks: I provide background information on these types of attacks and set the context for the rest of the video series.
Mitigating Pass-the-Hash Attacks: Patrick Jungles, a Security Program Manager in Trustworthy Computing, explains what a Pass-the-Hash attack is and some tested mitigations to help manage the risk associated with credential theft attacks.
Anatomy of a Cyber-attack Part 1: Sean Finnegan, CTO of the Microsoft Consulting Services Cybersecurity Practice, walks through a typical targeted attack, step by step, describing how attackers perpetrate these attacks.
Anatomy of a Cyber-attack Part 2: Sean Finnegan finishes his briefing on how determined adversaries commit targeted attacks.
Importance of Securing Active Directory: Microsoft CISO, Bret Arsenault, discusses the importance of protecting your Active Directory in the context of targeted attacks.
I strongly encourage you to share these resources with the IT professionals and security professionals who help protect organizations and people.