Hackers attacking infrastructure companies in the fuel and energy sector get into their systems several years before the attack and, while waiting for the right moment, steal important information, says a report by Positive Technologies, which is available to RIA Novosti.
“APT groups (professional hackers conducting targeted attacks – ed.) do not conduct a destructive attack immediately after penetration. They can control all systems of the enterprise without taking any destructive actions, only stealing important information and waiting for the right moment to begin the attack,” the study says.
Therefore, experts stress that the main purpose of these groups is a long-term covert presence in the infrastructure. For instance, in the course of investigating one of the incidents, the experts found that the TaskMasters group, which is involved in the theft of confidential documents and espionage, had been in the victim's infrastructure for at least 8 years.
According to Alexei Novikov, director of the Positive Technologies security expert center, identifying APT attacks at the moment hackers penetrate the system is difficult; a more effective approach to detecting APTs is to identify the intruders' activity after they have entered the infrastructure.
“Identifying APT attacks at the moment the offender penetrates the company is an extremely difficult task, but if the goal of the attacker is to secure its place in the infrastructure and monitor the key system for as long as possible, then it can also be discovered in the later stages of the attack, for example, when it moves between servers in the internal network. Such movement will certainly leave artifacts in network traffic on all the nodes; this allows you to detect the earlier penetration retrospectively and eliminate the threat before the attacker moves on to active destructive acts or steals important information,” he says.