Contact Contact Us

WEEKLY COMMENTS

The recent attacks on financial institutions, healthcare institutions, and government organisations in Singapore and around the world have thrust APT groups into the limelight again. North Korean APT groups like Hidden Cobra and APT38 are targeting financial institutions, Russian APT group Fancy Bear has been carrying out low-profile espionage operations on military and government organisations, and an unidentified APT group had compromised SingHealth’s network. These APT groups are highly skilled, and they operate in a highly targeted manner using a trove of both customised and open source tools to evade detection and minimise suspicion. APT attacks can cause substantial financial and corporate damages for individuals and organisations, as recent attacks have shown.

Like any other attacks, there is no silver bullet to securing an organisation from APT attacks. We advise organisations to understand the cyber kill chain that illustrates the various stages of an APT attack – reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and actions on objectives – and adopt defence measures at each stage of the kill chain. The earlier an organisation can detect and stop an attack closer to the beginning of the kill chain, the better. In addition, we recommend organisations to subscribe to threat intelligence services that offer research and analysis about APT groups targeting their industries or geographies, so that they are informed of the latest tactics, techniques, and procedures of certain APT groups and can make intelligence-led decisions to protect their assets from potential APT attacks.

Ensign InfoSecurity Singapore
6 Commonwealth Lane
Singapore 149547

Tel: +65 6788 2882
Fax: +65 6788 3883