Trend Micro Debunks APT Myths

Kuala Lumpur – Mar. 22, 2012 – In today’s threat landscape, the concern surrounding advanced persistent threats, or APTs, is increasing. The recent “Linsanity” attack, part of a LURID campaign that, since its discovery in 2011, affected over 1,465 computers in over 61 countries, including Vietnam, India, Mongolia, and China, shows just how trendy and dangerous APTs can be. In its monthly APAC Press Room, Trend Micro Incorporated (TYO: 4704;TSE: 4704), a global cloud security leader, sheds some light on APT fact vs. fiction.

While most people today have at least heard of APTs, perhaps have a general idea of what APTs may be, there are still misperceptions and confusion surrounding this topic. Trend Micro debunks the top 5 APT myths:

1. APTs, at its onset, target just one entity. While the scope is definitely narrower in nature than traditional threats, they are still part of a broader campaign.
2. APTs are isolated events. APTs are more of a constant threat among a range of targets aiming to compromise a target over a period of time.
3. APTs know the specific set of information they want to steal. Most attackers have an idea on the type of information they want to steal (e.g., all information related to new products or new technology). However, they do not know the specific set of files or information pertaining to that new product. This is why APTs require both lateral movement and stealth while seeking sensitive information.
4. APTs and data breaches are the same. Though often confused, APTs are slightly different from data breaches: APTs can lead to data breaches; however, not all data breaches are caused by APTs.
5. APT attackers’ motivation is similar to traditional cybercriminals’, which is money. In APTs, attackers are less concerned with financial gain in favor of information, espionage, and/or sabotage.

Solutions
Unfortunately, there is no one-size-fits-all solution to APTs. However there are certain things a corporation can do to decrease their risk of vulnerability to APTs:

• Enhance network visibility, insight, and control through security solutions
• Select a security solution with integrity checks to safeguard against malware changes in systems and registries which can lead to persistence.

The good news is, Trend Micro is releasing Deep Discovery, the next-generation protection from APTs, in the APAC region. Deep Discovery was specifically designed according to solutions required for APT threats, with specialized advanced malware detection and event correlation across every stage of the attack sequence, undoubtedly making it a top choice in the APT security market.

However, despite these precautions, the most important thing a company can do in protecting itself against APTs is empowering its employees. Humans are the weakest link in a corporation’s defense strategy but an educated and trained employee can be the key to counteracting an APT or any other type of security breach.