M-Trends: The Advance of the Persistent Threat

The Advanced Persistent Threat (APT) is an advanced persistent reality!   It’s all over the news.  Everyone seems to be either talking about it or affected by it.  MANDIANT defines the APT as a group of sophisticated, persistent, and coordinated attackers that have been systematically compromising U.S. government and commercial computer networks for years.  The vast majority of APT activity observed by MANDIANT has been linked to China.
MANDIANT has over seven years experience conducting Advanced Persistent Threat (APT) intrusion investigations for the U.S. government, the defense industrial base and commercial organizations.  During that time, we’ve learned many things, and we want to share our lessons learned with the security community.  A team of our APT experts has been working diligently on a report that we call “M-Trends.”   M-Trends focuses on what the APT attackers do and how they do it.
Some highlights from “M-Trends” include:

The APT isn’t just a government problem; it isn’t just a defense contractor problem; and it isn’t just a military problem. The APT is everyone’s problem.
No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It’s not spy-versus-spy espionage. It’s spy-versus-everyone.
Classic “prevent and detect” techniques do not effectively counter the APT. The attackers can easily defeat normal defenses. They successfully evade anti-virus software, network intrusion detection and under-equipped incident responders. They use (continue reading...)