Fermilab Computing Sector
Computing Sector Banner

Cybersecurity in the headlines

From Fermilab Today, June 8, 2015

Advanced Persistent Threat Lifecycle

Advanced persistent threats are different
from typical cyberattacks. They attempt
to obtain personal information to later gain
beachheads in other unrelated computing
systems. Image: Dell SecureWorks

Irwin Gaines

Those of us who work in cybersecurity would prefer to avoid publicity. In most cases when you hear or read about security it is because something unfortunate has happened. And in fact there have been headlines in the past few days about a security incident affecting the federal Office of Personnel Management.

The types of attacks that frequently make headlines are often the advanced persistent threats. This type of attack is rather different from the traditional hacker activity. The adversary emphasizes stealth, maintaining a low profile for an extended period of time to avoid detection and to maximize the amount of data he can collect. There are no flashy Web page defacements or noisy attacks on other systems, making it difficult to detect the presence of unauthorized users. And the aims of the attack are to gather information, not just credit card numbers that could be used for identity theft or financial gain, but also the kind of personal information that can be used in future social engineering attempts to gain beachheads in other unrelated computing systems.

Read more

printer friendly
 This page rendered in 0.3969 seconds