Advanced Persistent Threat – Focus Shifting from Industrial Data to Personal Data

APTs are a form of data breach and usually target industries where data has a lot of value. The focus of these attackers is shifting towards stealing personal information. For example, in 2019 FireEye exposed APT39, an APT group that targeted the telecom industry in several countries of the Middle East. It was found that the group mainly stole personal information. Industries targeted by adversaries include, but are not limited to, the following:

  1. Government and Defence: The government and defence industry is targeted to steal data that can be valuable to the attackers' sponsoring government in terms of military, political and economic advantage. The attackers are now also looking to steal the public data available.
  2. BFSI: This industry is targeted to steal data such as finance documents, benefits records, invoices, business and strategic plans and goals, recurring reports, statements of work, employee training materials, employee resumes, and credit/debit card details, among others.
  3. Healthcare: APT groups target this industry to steal proprietary data that can benefit governments and domestic industries in achieving their strategic healthcare goals. Customer data such as patient history, health insurance and finance-related data is highly targeted in this industry.
  4. IT and Telecom: The IT and telecom industry holds a huge volume of sensitive data, which makes it a target for APT attacks. Given the massive load of personal data, attackers target this industry to steal subscriber information as well as employee information.
  5. Energy and Utility: These industries are becoming the most popular victims of APTs, as they often have important strategic value for governments. Data related to natural resources and energy deals can be targeted by APT groups.
  6. Manufacturing: With the advancement of IoT smart manufacturing technology, further cyber vulnerabilities can be exploited by attackers, engaging this industry in espionage around the world.
  7. Transportation: Attackers target the transportation industry not only to steal data but also to disrupt critical services, which can damage company reputation and pose threats to passenger safety. Personal data such as travel, navigation, and tracking data is being targeted by attackers.
  8. Education: Educational institutes are targeted by APT groups to gain access to sensitive data and to use their network infrastructure as a staging ground for targeting victims in other industries, as activity from an educational institute's network would appear less suspicious.

Conclusion

Using the most common and available malware tools, such as social engineering, spear phishing, rootkits, exploits and other tools, threat groups are targeting various industries with the motive of stealing the personal data of the public. These industries are constant targets of APT groups seeking to steal confidential data, which is of great value to the threat groups. To prevent such advanced threats, organizations need to move towards advanced solutions and enhance their basic defence solutions to defend themselves against APTs.

– Sonam Chawla, 
Research Analyst,
Infoholic Research