Today's publication is from the field of information security, specifically on the subject of what is now known as an "APT attack" or Advanced Persistent Threat, whether it can affect our free and open operating systems based on GNU/Linux, and what we can do to avoid or mitigate it.
Let's keep in mind that most computer attacks tend to be aimed at private, closed and commercial operating systems such as Windows and macOS, owing to their high popularity.
However, despite the widespread opinion that GNU/Linux is a very secure operating system, which is largely true, that does not mean it is not susceptible to attacks by malicious code.
It is therefore important to follow any recommendation or advice that helps us preserve our cybersecurity. Tips such as the ones we have addressed before, and will share again, are in the related publication quoted below and in other similar ones:
"Whether at home, on the street or at work, in the name of productivity or comfort, we usually carry out activities or carry out actions that are often at odds with good practices in Computer Security, which in the long run can cause major problems or costs to themselves or others. Therefore, the integration of the necessary and vital Computer Security measures in our activities, personal and work, is one of the best ways to improve our personal productivity or as employees, or of our companies or organizations where we work." Computer Security Tips for Everyone Anytime, Anywhere
APT Attack: Advanced Persistent Threat
In the news, especially in recent years, we have seen an increase in cyber attacks against countries as well as public and private organizations, and even more so now with the rise of remote work (telecommuting) brought about by the COVID-19 pandemic. News of supply chain attacks, ransomware attacks or cyber espionage attacks, among others, is heard very frequently today.
However, there is a type of attack that is becoming more and more common and that can very effectively affect GNU/Linux-based operating systems. This type of cyber attack is known as an "APT attack" or Advanced Persistent Threat.
What are APT Attacks?
An "APT attack" can be described as:
"An organized attack focused on gaining prolonged access to a computer system by an unauthorized person or group. For this reason, its main objective is usually the theft of data in a massive way or the supervision (monitoring) of the activity of the attacked computer network. APT attacks are usually very complex, since, for example, they usually combine different techniques such as SQL and XSS. Therefore, avoiding or protecting yourself from them requires advanced and robust computer security strategies."
In detail, the letters of the acronym APT (Advanced Persistent Threat) refer to:
- Advanced: the novel and complex use of varied and well-known hacking techniques to achieve the malicious objectives set. Many of these techniques are not so dangerous or effective by themselves, but combined they can allow any person or group to gain access to the invaded system and do significant damage to it.
- Persistent: the enormous amount of time such attacks can remain inside an invaded system before they are detected. This is essential above all because it makes the main objective possible, that is, the theft (exfiltration) of as much data as possible. Stealth and undetectability, in order to stay inside the target for as long as possible, are what characterize the groups that use these methods.
- Threat: the enormous danger posed by such an attack, which combines malicious programs that stealthily invade computer systems for a long time to steal data and learn sensitive information about activities. All of this is carried out by highly motivated attackers with technical skills and unusual resources, against organizations that generally provide critical services or handle sensitive information from internal users and customers.
How can we avoid APT-type computer attacks on GNU/Linux?
For both desktop computers and servers, with GNU/Linux or other operating systems, the ideal is to implement as many measures as possible, among which we can briefly mention the following:
- Carefully configure the firewall(s) used, ensuring that they keep event logs and block all unused ports.
- Create a list of trusted software sources (repositories), and block the installation of software and scripts from third-party sources.
- Frequently audit computer equipment and systems, to check event logs for indicators of attack. Also, perform penetration tests regularly.
- Use, where possible, two-factor authentication methods and security tokens, and enforce the use of strong passwords that are changed more frequently.
- Update the operating systems and installed applications promptly. Preferably schedule automatic updates, and avoid any updates delivered through unverifiable or unencrypted channels.
- Implement, where possible and required, devices with encrypted systems, Trusted Boot and hardware integrity control tools, especially to prevent attacks from within. And if necessary, install tools that reduce the probability of vulnerabilities being exploited through spear phishing and application crashes.
- Use tools such as honeypots and honeynets, which serve as decoys (easy targets) so that any intrusion attempt is detected quickly and the necessary corrections can be made in time, by studying the techniques used by the intruders who compromised network security.
- Use Intrusion Detection Systems (IDS) on the network, to locate and prevent attackers from carrying out ARP spoofing, Rogue DHCP server or other attacks; and Host-based Intrusion Detection Systems (HIDS) on the equipment, to monitor the system status of each computer and warn in time of possible threats.
- Implement advanced (robust) computer security solutions, especially antivirus or antimalware systems, since conventional ones are not usually effective against APTs, and also a robust firewall. A well-advanced firewall can isolate our computing environment from the outside, and when well configured it can help us detect APT attacks by monitoring and analyzing the flow of inbound and outbound data.
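Two of the measures above, blocking unused ports and auditing event logs for indicators of attack, can be turned into routine checks on a GNU/Linux host. The following script is an added example, not code from the original post: it compares the listening TCP ports reported by `ss` against a hypothetical allowlist, and counts failed SSH logins per source address in `auth.log`-style lines. Both inputs below are constructed samples; the allowlist and the threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Requires only sh and awk.

# Hypothetical allowlist: TCP ports this host is expected to serve.
ALLOWED_PORTS="22 443"

# Constructed sample of `ss -Hltn` output (on a real host run: ss -Hltn).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*'

# Constructed sample of sshd lines from /var/log/auth.log (addresses are documentation ranges).
SAMPLE_AUTH='Mar  1 10:00:01 host sshd[1200]: Failed password for root from 203.0.113.5 port 4100 ssh2
Mar  1 10:00:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4101 ssh2
Mar  1 10:00:03 host sshd[1202]: Failed password for root from 203.0.113.5 port 4102 ssh2
Mar  1 10:00:09 host sshd[1203]: Accepted publickey for alice from 198.51.100.7 port 52110 ssh2
Mar  1 10:00:12 host sshd[1204]: Failed password for root from 198.51.100.7 port 52111 ssh2'

# Print listening ports that are NOT in the allowlist, one per line, in order of first appearance.
# Usage: unexpected_ports "<ss -Hltn output>" "<space-separated allowlist>"
unexpected_ports() {
  printf '%s\n' "$1" | awk -v allow="$2" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)      # "0.0.0.0:22" or "[::]:8080" -> port only
      if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
    }'
}

# Print "<ip> <count>" for each source with at least <threshold> failed SSH logins.
# Usage: failed_login_sources "<auth.log lines>" <threshold>
failed_login_sources() {
  printf '%s\n' "$1" | awk -v thr="$2" '
    /sshd\[[0-9]+\]: Failed password/ {
      for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
    }
    END { for (ip in fails) if (fails[ip] >= thr) print ip, fails[ip] }'
}

# Run both checks against the constructed samples.
echo "Listening ports outside the allowlist:"
unexpected_ports "$SAMPLE_SS" "$ALLOWED_PORTS"
echo "Sources with 3 or more failed SSH logins:"
failed_login_sources "$SAMPLE_AUTH" 3
```

On a real host, feed `ss -Hltn` and `/var/log/auth.log` (or `journalctl -u ssh`) into the two functions and run them from cron, so that a port nobody allowed or a burst of failed logins shows up in the next review rather than months later.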
In summary, strengthen and improve the equipment and tools, the practices used, and the protocols, rules and procedures in place for work, and make each and every user aware of them, in order to increase the computer security of all.
In short, it is clear that what we know as "APT attacks" are increasingly frequent, carried out by cybercriminals who put more and more effort and creativity into them, using and combining everything possible to achieve their malicious goals. Therefore, do not skimp on implementing any security measure on GNU/Linux and other operating systems to avoid or mitigate them.
We hope that this publication will be very useful for the entire «Comunidad de Software Libre y Código Abierto» (Free Software and Open Source Community) and a great contribution to the improvement, growth and spread of the ecosystem of applications available for «GNU/Linux». Do not stop sharing it with others, on your favorite websites, channels, groups or communities on social networks or messaging systems. Finally, visit our home page at «FromLinux» to explore more news, and join our official Telegram channel from DesdeLinux.