We selected Kris Harms from Mandiant to give next week's S4 Keynote on the topic of Advanced Persistent Threat [APT]. This week Google and Adobe announced investigations into attacks considerably more serious than the usual. A couple of key excerpts from the Google blog:
In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.
If a country or organization is willing to mount sophisticated, targeted attacks to learn about human rights activists and potentially obtain widely used source code, is it a stretch to believe it would apply similar resources and talent to learning how to attack critical infrastructure systems? And, importantly, to maintaining that capability (the P, for Persistent, in APT)?
As a community we need to address the most frequent threats of malware, script kiddies and non-targeted attacks, but we also need to start looking for, and preparing for, a much more talented and dangerous adversary. The looking is the important part: would most control system owners know they had been penetrated if the adversary chose not to affect the system yet?