Most Advanced Persistent Threat (APT) groups are not focused on the size of an organization, but whether an organization can help them achieve their objective. That objective might be espionage or sabotage and it’s the significance of the organization toward accomplishing the objective, not the size, that matters. As a matter of fact, APT groups often leverage smaller targets such as supply chain partners or vendors as an entry point to larger attacks. Similarly, while state-sponsored APT groups are focused on gathering intelligence across any industry or sector, the majority are targeting critical infrastructure, including government agencies. Furthermore, the organizations most likely to be compromised by an APT group are the ones with unpatched product/appliance vulnerabilities – such as the vulnerabilities listed in CISA’s Known Exploited Vulnerabilities Catalog. Whether the APT groups are operating for Russian, Chinese, Iranian, etc. states, they all exploit vulnerabilities left unpatched by organizations of all size to help them achieve their objectives. For more on how APT groups select targets and how to protect against them, visit HelpNetSecurity.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!