Wednesday, December 11, 2019

Advanced Persistent Threat Impacts

Question: Using the attached template, research Advanced Persistent Threats (APTs) and their potential impact on Industrial Control Systems.

Answer:

Definition of an Advanced Persistent Threat (APT)

An Advanced Persistent Threat (APT) is an attack on a network in which an unauthorised party gains access to the network and remains there undetected for an extended period. An APT attack aims to steal information rather than to damage the network or the organisation (Vijaya Chandra, Challa & Pasupuleti, 2015). APT attackers target organisations in sectors that hold high-value information, such as national defence, manufacturing and finance. An APT is "advanced" because it uses stealth and multiple attack techniques to compromise a target, frequently a high-value corporate or government asset. This kind of attack is also hard to detect, remove and attribute to a specific attacker. The worrying aspect of this kind of attack is that, once a target is breached, backdoors are routinely created to give the attacker ongoing access to the compromised network. APTs are considered "persistent" because the attacker may spend months gathering intelligence about the target and then use that knowledge to launch multiple attacks over an extended period (Sloan, 2014). It is damaging because the offenders are typically looking for highly sensitive data, for example the layout of nuclear power plants or the codes used to get into U.S. defence contractors. An APT attack generally has three principal goals: stealing sensitive data from the targeted network, surveillance of the identified target, and sabotage of the target. In this type of attack, the attacker expects to achieve its goals while remaining invisible on the network.

Use of APT in a Cyber War to inflict damage on Industrial Control Systems

In a basic attack, the intruder tries to gain access and get out of the network as quickly as possible, so as to avoid detection by the network's Intrusion Detection System (IDS). In an APT attack, the objective is not simply to get in and out; the aim is to achieve continuous access to the network (Bann, Singh & Samsudin, 2015). The intruder continuously rewrites the code and employs sophisticated evasion techniques to maintain access without discovery. Some APTs are so complex that they require a full-time administrator. The attackers behind APTs regularly use trusted connections to gain access to networks and systems. These connections might be obtained, for instance, through a sympathetic insider or even an unwitting employee who falls victim to a spear-phishing attack. The criminal operators behind APTs select their targets with great care, and they hand-craft their penetration and attack techniques to have the greatest effect against the known systems and personnel of the targeted organisation. Attackers scope out employees within the target organisation who have high-level access to the systems and processes required for the attack (Auty, 2015). Attackers conduct reconnaissance to understand the target organisation's systems, applications and networks so that they can exploit unpatched, undetected or unknown (zero-day) vulnerabilities. In this manner, by targeting the employees of an organisation, the attackers can gain access to the industrial control systems, operate them according to their needs, access information, or even disrupt the operation of the system.

Example of an APT being used to cause damage to an Industrial Control System

The cyber-attack on a German steel mill, as reported by the Federal Office for Information Security, can be considered an example of an APT that caused damage to an organisation's control systems. The attackers behind the incident displayed both hacking prowess and an in-depth knowledge of the steelworks' IT network (Xenakis & Ntantogian, 2014). More concerning, according to the report, the attackers displayed detailed knowledge of the industrial control and production processes in use. Cyber-physical attacks, in which software is used to inflict physical damage, are rare. However, they are a growing concern as more pieces of critical infrastructure become connected directly or indirectly to IP-based networks and the public Internet. Figure 1 below shows the exploited vulnerabilities that helped the attacker intrude into the network of the German steel mill.

Figure 1: Exploited Vulnerabilities in the German Steel Mill Incident (Source: Lee, Assante & Conway, 2014)

From sources on this incident it was found that multiple individual components within the control system of the German steel mill failed. The attack left the furnace unable to shut down properly, which in turn produced unexpected conditions and additional physical damage to the system. For a better understanding of the steel mill's components and operations, the diagram is illustrated below:

Figure 2: Steel Mill Components and Operations (Source: Lee, Assante & Conway, 2014)

The attackers used a sophisticated spear-phishing e-mail and social engineering to gain access to the office network at the steelworks (Cyberattack Inflicts Massive Damage on German Steel Factory, 2014). From there, they worked their way successively into the production networks.

The malicious code disrupted the function of control system components, so that a blast furnace could not be shut down in a regulated fashion, which resulted in massive damage to the system.

References

Auty, M. 2015. Anatomy of an advanced persistent threat. Network Security, 2015(4), 13-16. https://dx.doi.org/10.1016/s1353-4858(15)30028-3

Bann, L., Singh, M., & Samsudin, A. 2015. Trusted Security Policies for Tackling Advanced Persistent Threat via Spear Phishing in BYOD Environment. Procedia Computer Science, 72, 129-136. https://dx.doi.org/10.1016/j.procs.2015.12.113

Cyberattack Inflicts Massive Damage on German Steel Factory. 2014. The Security Ledger. Retrieved 25 March 2016, from https://securityledger.com/2014/12/cyberattack-inflicts-massive-damage-on-german-steel-factory/

Lee, R., Assante, M., & Conway, T. 2014. German Steel Mill Cyber Attack. ICS CP/PE (Cyber-To-Physical or Process Effects) Case Study Paper, 6-8. Retrieved from https://ics.sans.org/media/ICS-CPPE-case-Study-2-German-Steelworks_Facility.pdf

Sloan, R. 2014. Advanced Persistent Threat. Engineering & Technology Reference. https://dx.doi.org/10.1049/etr.2014.0025

Vijaya Chandra, J., Challa, N., & Pasupuleti, S. 2015. Intelligence based Defense System to Protect from Advanced Persistent Threat by means of Social Engineering on Social Cloud Platform. Indian Journal of Science and Technology, 8(28). https://dx.doi.org/10.17485/ijst/2015/v8i28/63544

Xenakis, C., & Ntantogian, C. 2014. An advanced persistent threat in 3G networks: Attacking the home network from roaming networks. Computers & Security, 40, 84-94. https://dx.doi.org/10.1016/j.cose.2013.11.006
