Recently I contacted an organization over a suspected cybersecurity threat. The threat itself contained several marks suggesting it is the work of an APT, an Advanced Persistent Threat: an organization or government spending a significant amount of resources attempting to breach a system. Reasons for this assumption involve the delivery method (supply chain attack), the technical sophistication of the threat, and the highly targeted and tailor-made nature of the threat.
Upon contacting this organization, the security operations centre took a look at this suspected threat and was able to independently verify and reproduce it, but was unable to gain further information about its functioning and its targets. Being unable to ascertain its functioning, combined with a rule from their policy book, they determined that this suspected threat was of no risk to them.
Let's dive deeper into this assessment:
- From a capacity perspective this assessment is completely reasonable: there is always more work to do than time available for investigations like these.
- The mere fact that you're being targeted by an APT is an important signal on its own. This gets one to wonder what they are out for.
- The mere fact that this threat went unnoticed for about two years is rather telling about its stealthiness. Rather than wondering whether or not one is already compromised, it might be more helpful to start looking for indications of compromise.
- Fending off cybersecurity risks is a never-ending game of cat and mouse. When dealing with highly sophisticated attacks, defenders will generally need to keep up with new developments.
- APTs are dead set on getting in. Is the identification of a single attempt going to make a meaningful change as to the extent and eventual success of their campaign?
These developments sparked my interest in the factors and considerations regarding the prioritization of work, and their impact on the cyber resilience of an organization. Hit me up on Mastodon if you have other considerations as well!