As businesses focus on protecting themselves from Business Email Compromise (BEC), ransomware, and commodity malware, a major cyber-threat is flying under their radar: Advanced Persistent Threat (APT) actors. According to a new report from cybersecurity researchers at Proofpoint, multiple APT actors are specifically targeting small and medium-sized businesses (SMBs), with goals ranging from cyber-espionage to intellectual property (IP) theft, from disinformation campaigns to outright destructive behavior. In some instances, APTs are also looking for money, especially when targeting blockchain firms and decentralized finance (DeFi) solutions.
The researchers note that these APTs often have “aligned interests” with countries such as Russia, Iran, or North Korea. These groups are formidable adversaries, the report claims, describing them as “skilled threat actors” that are well-funded and have a clear goal in mind. Their modus operandi usually involves phishing. First, they would either impersonate or take over an SMB domain or email address and then use it to send a malicious email to subsequent targets. If an APT compromised a web server hosting a domain, they would then use it to host or deliver malware to third-party targets.
One such group is TA473, also known as Winter Vivern. This APT was observed targeting US and European government entities with phishing emails between November 2022 and February 2023. The group had used emails coming from either unpatched or unsecure WordPress hosted domains to target its victims. It also used unpatched Zimbra web mail servers to compromise government entity email accounts.
The APT phishing landscape is growing “increasingly complex,” the researchers say, adding that the threat actors are “avidly looking” to target vulnerable SMBs and regional managed service providers (MSPs). Businesses must take proactive measures to protect themselves from these threats.
Here are some tips for protecting your business from APTs:
1. Train your employees to recognize phishing emails and other social engineering tactics. Provide regular training sessions and reminders to keep your team up-to-date on the latest threats.
2. Use multi-factor authentication (MFA) to protect your accounts. This adds an extra layer of security by requiring a second form of authentication, such as a code sent to a mobile device, in addition to a password.
3. Keep your software up-to-date. APTs often exploit vulnerabilities in outdated software to gain access to systems. Regularly update your software and apply security patches as soon as they become available.
4. Use endpoint protection software. This type of software can detect and block malware before it can infect your system.
5. Implement a security information and event management (SIEM) system. This type of system can help you detect and respond to security incidents in real-time.
6. Conduct regular security audits. Regularly review your security policies and procedures to ensure they are up-to-date and effective.
By taking these steps, businesses can protect themselves from APTs and other cyber-threats. Don’t wait until it’s too late – start securing your systems today.
