Credit Union Times: APT Will Get You

In a recent article posted by Robert McGarvey in the Credit Union Times, Threat of the Week: APT Will Get You, he talks about advanced persistent threats, referencing the high-profile hacks at large news and media companies.

NopSec’s Chief Technology Officer, Michelangelo Sidagni, contributed as an expert source for the article.

“These are very sophisticated attackers,” said Michelangelo Sidagni, chief technology officer at NopSec, a New York security firm. “They got log-in information for many reporters.”

How did the Chinese hackers gain entry into well-protected systems? The old-fashioned way, said Sidagni, who indicated they apparently used phishing attacks that baited target reporters into clicking on links they shouldn’t have. “People think hacking is technical but the weakest link usually is human.”

Interestingly, phishing as part of a penetration testing and security assessment used to be considered off limits. Instead, to slip packets through the firewall was considered mastery because phishing was too easy. However hackers tend to gravitate toward the path of least resistance and we now find ourselves in a situation where these type of breaches are quite commonplace.