Five Lessons Learned from an Advanced Persistent Threat
Advanced persistent threats (APTs) are sophisticated cyberattacks by well-coordinated and well-funded cybercriminals who penetrate an organization slowly and methodically. Their main goal is to gather sensitive, high-value data from industries including the public sector, national defense, and technology. In its latest annual Data Breach Investigations Report, Verizon supports recent findings that a unit of the Chinese military known as APT1 stole sensitive data from 141 corporations over the last seven years.
Following revelations about the APT1 attacks, which were first made public in a report by information security company Mandiant, Oracle Database security expert Troy Kitch, principal director of Oracle security software product marketing, looked into the attack and came up with the following five key lessons learned.
Lesson 1: Break-ins Are Fast and Simple
SQL injection attacks take advantage of poorly written application code that lets attackers pass their own SQL through the application tier directly to the database. Such attacks are easy to carry out, and attackers can get in and out within seconds or minutes. It is no surprise that they are widely considered the top database security threat. And yet many organizations still lack a clear picture of what SQL injection is and how dangerous it can be.
Solution: Oracle Audit Vault and Database Firewall accurately detects and blocks unauthorized database activity, including SQL injection attacks, by monitoring traffic to Oracle and non-Oracle databases.
Lesson 2: Excessive Privileges Are Common
Too often, database administrators (DBAs) grant “all privileges” when setting up a database, on the assumption that they can never be sure when they might need them. The problem is that these excessive privileges create gaps in security; the DBAs then get busy, and the holes are never closed. When a DBA leaves the company or moves to another group, the list of individuals with excess privileges grows longer and harder to manage.
Solution: With Oracle Database Vault, you can proactively protect application data from inappropriate access by privileged database users.
Lesson 3: The Evidence of Attacks Is in Front of Us
Abuse of privileged access is not invisible. It can be clearly detected in the form of failed logins, new account creation, privilege grants, and sensitive data reads and writes. However, many organizations aren’t tracking privileged user activities. For example, according to a recent Independent Oracle Users Group survey, only 39 percent of organizations monitor sensitive writes and only 33 percent monitor sensitive reads.
Solution: With Oracle Audit Vault and Database Firewall, you can get reports on consolidated audit data and logs generated by databases, operating systems, directories, file systems, and custom sources—all in a secure, centralized repository.
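Lesson 3 names the signals to watch for: failed logins, account creation, privilege grants, and sensitive reads and writes. As an added illustration (not part of the original article and not Oracle product code), the following Python classifier tags constructed, simplified audit records with those signals and flags users with repeated failed logons; the pipe-separated record layout, the sensitive-object list and the failure threshold are assumptions made for the example.

```python
# Classifier for the Lesson 3 signals over a constructed, simplified audit trail.
# Record layout (an assumption for this example): time|db_user|action|object|status.
from collections import Counter

# Constructed sample records, not real audit data.
SAMPLE_AUDIT = """\
2013-02-19T08:01:12|APP|LOGON|-|FAILURE
2013-02-19T08:01:15|APP|LOGON|-|FAILURE
2013-02-19T08:01:19|APP|LOGON|-|FAILURE
2013-02-19T08:01:25|APP|LOGON|-|SUCCESS
2013-02-19T08:02:03|APP|SELECT|HR.EMPLOYEE_SALARIES|SUCCESS
2013-02-19T08:02:40|APP|CREATE USER|SVC_BACKUP2|SUCCESS
2013-02-19T08:02:41|APP|GRANT|DBA TO SVC_BACKUP2|SUCCESS
2013-02-19T08:03:10|SVC_BACKUP2|UPDATE|HR.EMPLOYEE_SALARIES|SUCCESS
2013-02-19T08:05:00|REPORTS|SELECT|SALES.ORDERS|SUCCESS
"""

# Objects the organisation has classified as sensitive (assumed for the example).
SENSITIVE_OBJECTS = {"HR.EMPLOYEE_SALARIES", "FIN.CARD_NUMBERS"}
WRITE_ACTIONS = {"INSERT", "UPDATE", "DELETE", "MERGE"}

def parse(text):
    """Split the pipe-separated records into dicts; blank lines are skipped."""
    fields = ("time", "user", "action", "object", "status")
    return [dict(zip(fields, line.split("|"))) for line in text.splitlines() if line]

def classify(record, sensitive=SENSITIVE_OBJECTS):
    """Map one record to a Lesson 3 signal name, or None if it is routine activity."""
    action, obj, status = record["action"], record["object"], record["status"]
    if action == "LOGON" and status == "FAILURE":
        return "failed_login"
    if action == "CREATE USER":
        return "account_creation"
    if action == "GRANT":
        return "privilege_grant"
    if obj in sensitive:
        return "sensitive_write" if action in WRITE_ACTIONS else "sensitive_read"
    return None

def triage(text, fail_threshold=3):
    """Count each signal and flag users with at least fail_threshold failed logons."""
    counts, failures = Counter(), Counter()
    for rec in parse(text):
        signal = classify(rec)
        if signal:
            counts[signal] += 1
        if signal == "failed_login":
            failures[rec["user"]] += 1
    flagged = sorted(u for u, n in failures.items() if n >= fail_threshold)
    return dict(counts), flagged
```

Running `triage(SAMPLE_AUDIT)` on the constructed trail shows the full chain the lesson describes in one session: repeated failed logons, a sensitive read, a new account, a DBA grant, and a sensitive write by the new account.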
Lesson 4: It’s Too Easy to Access Data
Once cybercriminals compromise systems, it’s easy for them to maneuver throughout the IT stack. And if sensitive data in production databases is not transparently encrypted, whether at rest or in motion, it is all too easy for attackers to access it. The same goes for data in nonproduction environments, which often goes unmasked.
Solution: Oracle Advanced Security provides transparent data encryption within Oracle Database and sensitive data redaction at the application tier. Oracle Data Masking allows production data to be safely used for development, testing, or sharing with outsourcing or offshore partners for other nonproduction purposes.
Lesson 5: Misconfigurations Help Attackers
Configuration drift is an easy way to hand attackers the foothold they need to reach critical systems. Unfortunately, many DBAs do not track the location of every database in their environments, nor do they track exactly where sensitive data resides within those databases.
Solution: With Oracle Database Lifecycle Management Pack, you can simplify standardization and patching of all Oracle Databases to keep configurations aligned and ensure prompt implementation of the latest security updates.