Jun 8, 2021

Advanced persistent threats – Responding to sophisticated attacks.

Power stations, registration offices and innovative SMEs are rewarding targets for hackers and attacks on critical infrastructure can have severe consequences including power cuts, stolen data, industrial espionage. To stop attacks in their tracks, Bechtle’s experts work around the clock to protect your IT systems. If there should be a security incident however, it pays to be quick out of the blocks and as a qualified APT response provider, this is where we come in. Read on to find out how we can help you defend yourself against advanced persistent threats and how these attacks unfold.

written by

What makes APTs so dangerous?

Advanced persistent threats (APTs) are complex and targeted attacks on critical infrastructure and confidential data and are characterised by the considerable effort put in by criminals and organisations to carry them out. One aim of these kind of attacks is to disrupt public life by taking out critical infrastructure such as power and water supplies and telecommunications, but stealing technically advanced developments from SMEs is also a worthwhile target and companies that have an insufficient security setup are in the firing line.

Generally speaking, criminals take extreme care, and so their victims have no idea what is going on, but another, just as successful approach is to overwhelm the affected company by aggressively spreading throughout the infrastructure with the ultimate goal of rendering it useless. In stark contrast to other kinds of attacks, which companies are selected for quite randomly,  APTs have one target and involve the time-consuming manual development of attack techniques and tools to achieve it. These tools and techniques are then leveraged in the various phases of the attack.

What are the phases?

In an initial step, attackers try to get a foot in the door by leveraging techniques that have been tailored to your system. It’s at this stage that an enormous amount of effort tends to be put in, e.g. through the use of social engineering tactics, infected files and security vulnerabilities in applications. Once in, a foundation in the form of malware is created which opens back doors and tunnels unnoticed in the background and can keep them open for a long period of time. This is the starting point for the next phase.

Once the attacker or group has created a firm foundation, they can take on your employees’ identities, cracking passwords and exploiting gaps in tights management to gain access to accounts with privileged access. Armed with these extended rights, attackers are able to move freely around your corporate network on the hunt for other servers and well-secured sections.

Once in, cybercriminals either exfiltrate data for their own purposes or for those of a client. Attackers are capable of shutting down the entire infrastructure and it doesn’t matter to the criminals how long it takes. Many attacks begin weeks or months in advance with the installation of back doors that are used later either to launch a second wave or to carry out attacks on demand.

How can Bechtle support you?

As this kind of attacks can potentially cause damage to critical infrastructures and businesses, it’s crucial to detect and respond to them quickly and appropriately. While the attackers have all the time in the world, you need to react quickly to protect your sensitive data. The earlier unauthorised accesses and suspicious behaviour in your network is uncovered, the more likely it is you’ll be able to avert disaster, but this can be very difficult for individual companies. As a certified APT service provider, we support you both in detecting attacks early on and taking the right steps after an incident.

We offer 24×7 availability throughout Germany with a total of 31 regional security teams in 16 Competence Centres who will quickly get you back up and running in the event of an attack. We are also on hand with experienced incident response and IT forensics teams who react immediately when there is a security incident, ensuring compliance with the relevant reporting deadlines as well as the preservation of evidence for use in court.

Advanced persistent threats are one of the greatest fundamental challenges facing companies and state institutions. which is why a focus on your IT infrastructure security is crucial to protect your business against malicious activities on all layers. By planning your security measures holistically and strategically, you can build the best possible defences to protect your sensitive data and underlying infrastructure.

At the end of March 2021, Bechtle was selected as a qualified APT response service provider by the Federal Office for Information Security (BSI). The BSI’s aim is to provider the operators of critical infrastructure with an overview of the APT response service providers on the market. If you’ve been impacted by an attack and need support, we are available around the clock through our hotline.

Contact.

Phone: +49 7132 981 2783

E-mail: help.sirt@bechtle.com

Additional information on our security offerings can be found on our site.

Bechtle AG named qualified APT Response service provider

Bechtle AG has been named a qualified APT Response service provider according to Section 3 of the Act on the Federal Office for Information Security (BSIG), supporting critical infrastructure operators to defend against and tackle advanced persistent threat (APT) attacks.

 

Press Release

Share article

Published on Jun 8, 2021.