Article title

Advanced persistent threats as a manifestation of states’ military activity in cyber space

Publication languages
EN
Abstracts
EN
The term Advanced Persistent Threats (APT, APTs) has a relatively short history: it originated in United States government circles, where it referred to cyber attacks waged by a state actor. The emergence of such threats has been linked to the evolution of the hacker underground that took place after 2000. The activity of the specialists swelling the Black Hat ranks had the nature of criminal offences, targeting data collected by corporations and state institutions. Despite a dozen or so years of experience with APTs, they continue to be a dynamic category of contemporary cyber security threats, with many evolving components that defy simple classification. Their unambiguous identification as a strictly separate type is obstructed mainly by the complex structure of such attacks, which prompts analysts to place them in a catalog containing various known vulnerabilities, mechanisms, cycles and variables. The analysis of the problem and of the evolution of attacks to date has led to the hypothesis that Advanced Persistent Threats are now in a phase of further modification and testing as a means of offensive action in inter-state and asymmetric conflicts. The armed forces and special services of states saw in them not only a tool per se for achieving economic and military advantage, but also a theoretical basis for further research on the development of advanced cyber weapons.
Creators
author
  • Institute of International Studies, University of Wrocław, Poland
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-2d9af743-971c-43e1-9d7d-92e893a6a1a5