Advanced Persistent Threat Impacts

Advanced Persistent Threat Impacts
The attacks on computer networks are no longer forming the headlines of news, but another different type of attack is taking the cyber security problem to the next level. Those attacks are known as advanced persistent threats. The challenge of advanced persistently attacks as used in cyber war is continually evolving and escalating. The most recent incidents of APTs have upped the bar in light of their craftiness with sophisticated techniques that leverage social engineering, exploitation of automation-specific HMI software , and the exploitation of ICS protocol. The paper addresses the advanced persistent threats (APTs) and their impact on the industrial control systems (ICSs).
1. Define what an Advanced Persistent Threat (APT) is
According to Li and Atlas (2012) from the SANS Institute, an APT is a type of cyber attack that is initiated by a group of complex, determined and collaborated attackers that continually and systematically compromise a particular target’s machine or networks for a prolonged period.
2. How might an APT be used in a Cyber War to inflict damage on Industrial Control Systems?
It is true that the APTs can be used in cyber war to cause damage to the industrial control systems. There have been some attacks on ICS in the years that immediately followed the Stux net, and those attacks have not been interesting at all in the way they use IT-centric exploits in a more general way. The APTs have been found to be used by the attackers in the cyber war to accomplish attacks against the industrial control systems, thereby causing much damage in the process (Donovan, 2012). The term cyber war, in this case, means a Web-based conflict that incorporates politically motivated attacks on sensitive information and information systems. The cyber war attacks disable official networks and websites, disable or interrupt crucial services, steal or modify classical data, and handicap the financial systems among other possibilities.
As usual, the human factor involved in social engineering is a difficult challenge. Most APTs employ some techniques of social engineering. Although education has gone a long way to mitigating the issue, the motivated attackers have always been finding ways to trick the targeted individuals to opening email attachments containing malware, loading the infected file to a USB thumb drive, or clicking on link that leads one to a website with the malware (Chen, Desmet, & Huygens, 2014). Also, on the technology front, APTs by well-resourced actors such as states and cybercriminal organizations usually utilize both the known attacks as well as the zero-day exploits or malware that is undetectable by the conventional methods. Since the ICS are used components of sensitive systems of industries, they have become the target of many cyber criminals that use APTs to attack systems.
For a long time, most of the ICS networks have consisted of legacy systems with security strategies that do not match today’s sophisticated techniques used by the cyber criminals. When the advanced attackers combine social engineering and the zero-days, they have a very effective strategy for initiating a beachhead for the ICS attack (Donovan, 2012). APTs also use customized tools as well as intrusion techniques including vulnerability exploits, worms, rootkits, and viruses that are designed specifically to penetrate the targeted ICS system. Capabilities to stop the APTs do not exist or just starting to have deployment by forward-thinking companies. The high costs incurred by the breached ICSs including the safety concerns related to the cyber-physical processes that have gone awry in the critical infrastructure, the ability to stop APTs ought to be taken seriously by asset owners.
3. Provide an example of an APT being used to cause damage to an Industrial Control System
An example of an APT that is being used to damage the ICS is the Stuxnet, which was the first APT that leveraged a cyber attack to disrupt the physical infrastructure. The Stuxnet was believed to have been developed by the US and Israel, and it targeted the ICS of an Iranian nuclear plant. Even though the Stuxnet was specifically developed to attack the nuclear power plants in Iran, it has spread far and wide beyond the intended target and it is now being used against the ICSs in the Western countries such as the USA. The nature of the attacks of the Stuxnet is that it exploited the vulnerability in the web browsers like the IE thereby enabling the attackers to access the ICS systems and download malware to the systems.
Also, there have been a follow-up of APTs to the Stuxnet including the dubbed Duqu that was discovered in late 2011. Duqu acts like a sleeper agent and it quickly embeds itself in major industrial systems and gathers intelligence information from the same and that information can be used to accomplish further attacks. It is also studying the design documents with the intention of finding weak points that can form the basis of future attacks on those ICS facilities.
Summary
Certainly, APTs such as Stuxnet and Duqu will continue to be used in cyber war, and they will increasingly plague the governments, information security professionals and the operators of critical infrastructure. Therefore, it is time to take the APTs seriously as the mundane IS problems for the daily life in this 21st century.  
References
Chen, P., Desmet, L., & Huygens, C. (2014, September). A study on advanced persistent threats. In IFIP International Conference on Communications and Multimedia Security (pp. 63-72). Springer Berlin Heidelberg.
Donovan, F. (2012). Advanced persistent threats: First Salvo in the coming cyberwar. Retrieved from https://www.techopedia.com/2/28220/security/advanced-persistent-threats-...
Li, F., & Atlasis, A. (2011). A detailed analysis of an advanced persistent threat malware. SANS Institute InfoSec Reading Room.