NUS-NTU hack: What is an 'advanced persistent threat' cyber attack?
SINGAPORE — The "advanced persistent threat" (APT) behind the recent online breaches at the National University of Singapore and Nanyang Technological University is a stealthy and highly sophisticated form of cyber attack.
To carry out the Advanced Persistent Threat, sophisticated hackers would first aim individuals working at the targeted organisation. Photo: Reuters
SINGAPORE — The "advanced persistent threat" (APT) behind the recent online breaches at the National University of Singapore and Nanyang Technological University is a stealthy and highly sophisticated form of cyber attack.
It involves a variety of intelligence-gathering techniques and can remain undetected for a prolonged period. The goal of such attacks is to steal confidential information, according to information on the Cyber Security Agency of Singapore's website.
Unlike traditional cyber threats such as viruses and malware, which are used to hack into different systems or the networks of various companies, APT attacks are designed to target a specific entity. They are highly customised in order to get around existing security measures designed by that company or organisation.
To avoid being traced, the attacks are typically carried out through individuals associated with those entities.
Sophisticated hackers do so by first getting to know employees working at the targeted organisations. This could be achieved by posing as friendly delegates and exchanging name cards at a seminar, or harvesting information posted publicly on social media.
Next up, “spear phishing”. This is where hackers will send “innocent-looking” emails with attachments containing information related to the individual’s field of work, research or interest.
Such emails might also contain hyperlinks to websites which contain malware aimed at tapping on undiscovered vulnerabilities in the IT system to steal data. Hackers could also use such methods to install “backdoors” to turn the targeted individuals’ computers into a “command and control” server from which they can launch their attacks and avoid detection.
To avoid being used as a tool of attack, the CSA advised individuals to be selective of the information that they post online, and restrict who can view their social media profiles. They should also be cautious when opening attachments or hyperlinks sent by new associates or unknown parties.
Stay in the know. Anytime. Anywhere.
Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.
By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.
