Saturday, January 24, 2015

Tabula Rosa Blog Of the Day - IPv4 And IPv6 Dynamics


 IPv4 exhaustion stunts Internet growth in 2014

IPv4 network growth slows to about 8 per cent, reports APNIC

Adam Bender (Computerworld) on 23 January, 2015 14:09

Expansion of the Internet slowed in 2014 as the number of available IPv4 addresses neared exhaustion, according to a report by the Asia Pacific Network Information Centre (APNIC), the regional Internet registry for the Asia Pacific.

“In the IPv4 network it’s clear that address exhaustion in most parts of the world has acted as a very major constraint on the continued expansion of the network,” APNIC chief scientist Geoff Huston wrote in a blog post about the report.

"The network is still growing, but it's no longer doubling in size each year. The current growth rate is around some 8% to 9% per year."

The report provides more detail on reasons for the slowdown.

"The correlation between network deployments and routing advertisements has been disrupted by the hiatus in supply of IPv4 addresses, causing more recent deployments to make extensive use of various forms of address sharing technologies," states the report, which is available on the APNIC website.

IPv6 provides about 340 undecillion IP addresses, compared to the 4 billion addresses supported by IPv4. As the number of Internet-connected devices has grown, exhaustion of IPv4 addresses has necessitated the adoption of IPv6.

"The IPv6 network is still much smaller than the IPv4 network," said Huston.

"Much has been done to convert the core of the network to support IPv6, but at the access networks at the edge there is still much to be done. The IPv6 network is one twentieth of the size of the IPv4 network, but its growth rate is more than double that of IPv4, at some 20% per year."

Progress remains slow in the movement to IPv6, the APNIC report said.

 “While a small number of providers have made significant progress in public IPv6 deployments for their respective customer base, the overall majority of the Internet is still exclusively using IPv4,” the report said.

“This is despite the fact that among that small set of networks that have deployed IPv6 are some of the largest ISPs in the Internet!”
==============================================

**Important note** - contact our company for very powerful solutions for security, firewall and APT solutions:

www.tabularosa.net (609) 818 1802

In addition to this blog, our sister company, Netiquette IQ, has a website with great assets which are being added to on a regular basis. I have authored the premier book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email”. My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon, followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

www.amazon.com/author/paulbabicki

If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio. Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and have been a contributor to numerous blogs and publications.

Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.
==============================================

Tabula Rosa Systems Alert - Google Releases Vulnerability Upgrade For Chrome





National Cyber Awareness System:
01/23/2015 05:14 PM EST

Original release date: January 23, 2015
Google has released Chrome 40.0.2214.91 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service condition or obtain personal information.
US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.

Tabula Rosa Systems Blog Of The Day - FBI Shows Ransomware On The Rise



National Cyber Awareness System:
01/23/2015 06:42 PM EST

Original release date: January 23, 2015
The FBI has released an article addressing ransomware campaigns that use intimidating messages claiming to be from the FBI or other government agencies. Scam operators use ransomware – a type of malicious software – to infect a computer and restrict access to it until a ransom is paid to unlock it.
Users and administrators are encouraged to review the FBI article "Ransomware on the Rise" for details and refer to Alert TA-295A for information on Crypto Ransomware.
==============================================



Friday, January 23, 2015

Creativity In Business Email From Netiquette IQ



 ========================================


 Many people associate Netiquette with traditional etiquette, with strict rules, stuffiness and usually seriously practiced by the very rich. Well, this concept is completely wrong except in regard to core principles, another topic altogether.


Netiquette may have some strict rules, but it is adaptable to social media, more modernized methods of communication and contemporary content.

Below is a section of my Netiquette book for job seekers, noted below, which discusses Netiquette creativity.

Good Netiquette to all!

=================================

Netiquette Creativity – the potential differentiator

“You never get a second chance to make a first impression.”
—Will Rogers 

Are business Netiquette and creativity mutually exclusive? Are they partners by necessity? Can they be combined to offer a stronger, more effective means of successful communication for the job seeker which results in more email opens, reads, interviews and the new job?

The answer to the above questions is that email Netiquette and creativity are not only complementary, but combined they offer a stronger and more effective vehicle for achieving your employment objectives. When any recipient receives an email, we all know that an appropriate personalization adds a layer of acceptance, i.e., the following salutations:

            Dear Dale Carnegie – wrong
            Dear Carnegie – very wrong
            Dear Mr. Carnegie – correct

The need to capture attention

Today’s job market is crowded, shifting demographically and, because of growing technology, inundated with résumés. It is not uncommon to have hundreds of emails/résumés sent for a single job opening. It is no longer enough to have a thoughtful, well designed and content-rich cover letter/résumé. There is often a need for embellishments and enhancements to a job seeker’s email to capture the recruiter’s/hiring manager’s attention beyond the 3-8 second interval for which many documents are given. It really isn’t a strict set of rules for using creativity on your job search emails; it is more a question of when, where and to whom to do this.

In order to increase the opens, reads and sustained attention of the recipient, there are many items you can introduce into your email to distinguish it from others. This, together with a strong Netiquette foundation, will bring you to the level of a “Netiquette IQ One Percenter.” In achieving this, you will most assuredly accomplish your asserted goal of having your résumé opened and read.
==============================================

Tabula Rosa Blog Of The Day - Safer Internet Day!



All of us want a safer Internet. More and more events and malware are making this very challenging. It is especially important to make sure we can safely have our children and young people use the Internet with a minimum of dangers. I came across this website and I encourage all netizens to familiarize themselves with it.
Good Netiquette to all!
====================================
WELCOME TO THE SAFER INTERNET DAY WEBSITE
Safer Internet Day (SID) is organised by Insafe in February of each year to promote safer and more responsible use of online technology and mobile phones, especially among children and young people across the world.
Safer Internet Day 2015 will be celebrated on Tuesday 10 February 2015, with the strapline, once again, of “Let’s create a better internet together” following the success of last year's campaign.
This website showcases some of the exciting activities and events that took place to celebrate the day in 2014. Click on the map below to get started, using the zoom control to locate the contacts and events in your country or visit the 'SID Near You' section to explore news from the many countries and institutions involved. Visit the 'SID Gallery' to find great resources from across the Insafe network and beyond to help you teach eSafety all year through.
For further information, read the summary or the full public report on Safer Internet Day 2014 activities and successes.

http://www.saferinternet.org/safer-internet-day
=========================================

Thursday, January 22, 2015

Tabula Rosa Systems Blog Of The Day - The Demise Of Email?

**important note** The following post is from my other blog http://netiquetteiq.blogspot.com

Every couple of weeks, I run into an article or product which claims email is rapidly dying or that there is a product to “revolutionize” email. Many are attracted to this concept/tool in great part because email is becoming less manageable and time-consuming.

Below is yet another article and some products which specifically speak to these points. As an author and blogger who spends a significant time on email, I am pessimistic about this idea of a drastic change in the fundamentals of email. I look instead to espousing and developing processes to most efficiently utilize this means of communication without degrading its effectiveness.
See how you feel about these issues after reading the article.
Good Netiquette to all!
 ------------------------------------------------------------------------
InfoWorld | Jan 20, 2015
Build a better mousetrap, as the cliché has it, and the world will beat a path to your door. That line of thinking has even been applied to the most rudimentary corners of the technology world: standards and protocols that have stuck around for decades, yet viewed as creaky and badly in need of replacement. But few old-guard standards have seen as many pretenders to the throne as the SMTP/POP3/IMAP email triumvirate has. If only someone could come up with an alternative that did everything email did but better, more securely, and with less hassle, wouldn’t it be worth it?
Over the decades, dozens if not hundreds of companies, initiatives, and products have tried to find a way to move past the SMTP/POP3/IMAP standard. Some have found niches for themselves, despite being proprietary. Many disappeared without a trace. But all try to solve email’s ills in one of three ways: Reinvent email from the inside out with an entirely new protocol; ameliorate email’s peccadillos by making it more intuitive and less aggravating; or shift the work traditionally done in email to other venues.
Here we break down each of these strategies and highlight the current contenders most likely to affect the future of email.
The quest to create a new protocol
Devising an entirely new protocol for email would be the most effective way to move email forward. The problem is, it’s the most difficult path to success.
What makes such an approach attractive is the potential to fix many of email’s problems -- spam, security, inefficient protocol design -- at the root. By replacing aging standards that evolved in an ad hoc fashion with new ones that were crafted intentionally to account for decades of real-world experiences with email, the IT world would enjoy a much more solid foundation for messaging going forward.
Of course, reinventing at the root is nearly impossible, for two reasons.
First, creating a new protocol everyone can agree to use is difficult, to put it mildly. Such developments typically take shape only when an entity with significant clout advocates for its use; even then, nothing is guaranteed. Google, for instance, has hatched its alternative to the IMAP standard (vintage 1986), but it applies only to Gmail. As such, getting developers to build for this alternative solves only a tiny corner of the problem. Also, any new protocol would have to be supported on clients and servers. Sure, the two have moved closer together thanks to Web-based mail clients, but mobile devices and desktop users would need to be kept in that loop.
A second problem with the new-standard route -- potentially thornier than the first -- is that transitioning existing SMTP/POP/IMAP users to any new standard would likely require almost too much disruption. One possible solution, which addresses the above problem as well, has been proposed by a startup named Inbox (not to be confused with Google Inbox). Inbox’s plan is to roll out a replacement protocol for email by wrapping existing email systems with a newly devised protocol and API set. Eventually, if enough people adopt the Inbox protocols, the old systems can be deprecated in favor of the new, and the resulting protocols can (one would assume) be submitted as an IETF RFC.
Inbox has the right idea, in that the protocol and API set it has devised are open source (GNU Affero GPL licensed), and the project is designed to appeal most directly to developers of email applications building on mobile platforms. A similar project both in its approach and its design is JMAP, a protocol proposed by FastMail. JMAP uses JSON to encompass and package all the possible requests and responses used for email: sending and receiving, calendaring, contacts, and so on.
Building a better inbox
Given how tough it is to rip and replace email at the protocol level, small wonder many have concentrated instead on fixing the client experience. After all, most of the headaches users experience with email revolve less around the protocols and more around managing email so that it doesn't turn into a job unto itself.
The current plans in this vein go well beyond a more elegant-looking client or one better suited to mobile use. Instead, they use statistical analysis to automatically classify and act on email -- to figure out with as little user intervention as possible which emails can be dumped, which can be circled back to later, and which need to be replied to right now. “The goal of email 2.0,” said Dave Baggett, CEO of Inky Mail, “should be to make email clients more like personal assistants than mere tools for sending, receiving, and organizing email.”
Google has been hard at work on this approach. Google has carried Gmail’s autocategorization system to a further extreme with its new mail product called Inbox. With Inbox, mail is batched together automatically in “bundles,” according to certain criteria. Emails that Inbox believes are most important, such as updates on product purchases or travel arrangements, are emphasized, as are to-do items and reminders.
IBM, too, has a similar project in the works, one meant to extend on its existing user base for Lotus Notes. Verse ditches Lotus Notes’ heavy native client for a lightweight Web-based option, focuses on people and conversations rather than on individual email messages, and uses IBM’s Watson machine learning service to help classify messages. What’s more, IBM has pitched its early-access program for Verse at users, presumably to see whether it carries over from there into the enterprise.
The problem with algorithm-driven inboxes: They need to be at least as good as -- if not better than -- human-powered curation. They also won’t gain much uptake with business users if they don’t provide functionality taken for granted in those circles. (As of this writing, Google’s Inbox is still missing a few such items, including signatures, shortcuts, and advanced filters.) Any such inbox needs to provide users with a fallback to an uncurated view of their messages, or people will begin to feel like their email isn’t really their email anymore.
Move work out of email
Yet another let’s-kill-email approach doesn’t involve altering clients or protocols, but rather the work habits most commonly associated with email. This could include discussions on a given topic with coworkers, or passing files back and forth between colleagues -- activities that can be moved to venues purpose-built to host them properly.
Among the creations devised for that job is Slack (motto: “Be less busy”) from Tiny Speck, which was featured recently in Bob Brown’s roundup of 25 cloud, security, and mobile startups to watch. Slack comes off as a sort of chat system with multiple rooms or “channels,” with all discussions searchable and synced automatically between multiple client apps. Private groups and direct messages are also part of the design. Many popular third-party applications -- Dropbox, GitHub, JIRA, and more -- have integrations ready to use, along with toolkits and an API to allow you to add your own.
Huddle, another system designed to move coworker collaboration activity away from email, uses a central dashboard metaphor to present team members with a project-centric view of their work. Projects can be created and delegated, and individuals can loop other people into their projects as needed. Files ascribed to a project are hosted within the project and are secured against unauthorized access, thereby preventing the need to mail attachments or file-share links to team members. Discussions -- the part of Huddle most designed as a replacement for email -- are reminiscent of Web forums, including discussion threading.
The main drawback with systems like these is that they don’t really replace email so much as create secondary, siloed, proprietary structures alongside it. Most anyone will still need email to deal with the rest of the world, and these systems seem aware of that. Huddle, for instance, can be set to echo activity on message threads to -- you guessed it -- email.
There’s a larger question of the usefulness of moving work-related processes out of email. Forrester analyst Phillip Karcher took the stance that “enterprise social,” as these types of applications are called, “is a complement, not a replacement for email.” He claimed that according to research, “compared to workers who don’t use enterprise social, those that do actually spend more time in their typical workday looking for information.” But he also noted that, in his purview, this didn’t imply they were being inefficient, but were “tapping their peers and taking more time to make informed decisions.”
Maybe email’s here to stay after all
Given the uphill battle, it’s very likely that email will remain right where it is, at the center of our working lives. Other items may evolve in parallel, but email’s central position as a universal standard in business -- and as the default system of record for enterprise communications -- won’t likely change.
InfoWorld’s Galen Gruman has dissected several of the arguments about email’s alleged harms: It’s an old technology; it deluges the user with too much information; it’s a pain to maintain. Each of those arguments, and some of their proposed solutions, have been echoed here in various forms.
But each stance, as Gruman pointed out, also invites a potent counterargument. Email overload is more a failure of users’ filtering habits than one of the technology itself (although there’s certainly room for a smarter inbox). Maintaining any enterprise infrastructure isn’t easy, and moving away from email might mean moving to new and untested management tools. Most important, a new technology isn’t always a better one; in email’s case, it’s hung around because it’s widely adopted, broadly supported, nonproprietary, and well-understood.
Back in 2010, Gartner analysts predicted some 20 percent of corporate email use would be replaced with social networks of some kind by 2014. Some of their predictions came true: Email clients certainly have more cross-integration with social networks. But what email brings to the enterprise, like an automatic audit trail, remains immensely attractive. It may not be surprising to hear that, in a survey conducted by the Pew Research Internet Project, 61 percent of workers with Internet connections rated email as “very important” to their job, whereas social networking ranked at around 4 percent.
That isn’t to say email won’t morph into something better over time, only that the process is likely to be incremental, laborious, and cautious. If Inbox’s experiments with wrapping new protocols around the old ones take off, and IBM’s experiments with email curated by machine learning prove successful, and enterprises decide that much of their internal communications can be done outside of email -- that might bring everyday messaging to an entirely new place. But only because we would have walked down many different roads in parallel to get there, and not any one of them alone.
==============================================

Tabula Rosa Systems Quotation Of The Day - Overspending On Security


“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.”
– Kevin Mitnick
==============================================

Wednesday, January 21, 2015

Tabula Rosa Systems Blog Of The Day Is On Advanced Persistent Threat (APT)



The anatomy and physiology of APT attacks
by Adam Rice
The cyberthreat landscape has changed. We used to deal with hackers in the classic sense, from explorers of systems to script kiddies who used newly automated exploit tools, developed by taking hackers' technical knowledge and packaging it. In the background lurked the underground and criminal types who move into any vacuum, given enough time, if there is something to steal.
The modus operandi for these early criminals wasn't that different from what many enterprises encounter today. It involved phishing campaigns to try to trick people into logging onto their online bank accounts and, in doing so, giving up their credentials. Attackers developed viruses and bots that delivered remote access and administrative tools to the victim's computers, allowing the bot masters to harvest all the data. National intelligence services began to employ many of the tools and techniques those early criminals developed to use the Internet as a conduit for advancing their intelligence-gathering capabilities.  

Nothing in our past has happened so quickly or with as far-reaching implications and dependencies. Critical networks, utilities and other infrastructures are all intertwined with the networks of companies and governments. Almost everything that's built, designed and manufactured is on the Internet. If the Internet stopped working, the global economy would collapse. With that dependency comes issues of national security. Governments have recognized the strategic and tactical advantage of having both defensive and offensive capabilities in the electromagnetic arena.
This paradigm shift has created the groundwork for advanced cyberthreats. Building on what cybercriminals began, security services from many countries have developed the capability to protect, attack and steal for their national interest. As these organizations responded to requests for intelligence from their governments, a whole new type of "threat" appeared on the cyber landscape.  
The term advanced persistent threat or APT -- coined by U.S. Air Force Col. Greg Rattray in 2006 -- describes the new powerful cyber adversary noticed on government networks since the late 1990s and early 2000s. For the U.S. government, the APT is the Chinese; for the Chinese, the APT is the United States. It is always a question of perspective.
Intelligence gathering methods
How do APT attacks happen and why? To understand the anatomy and physiology of APT attacks, it helps to recognize intelligence-gathering methods used by security organizations around the world. All these agencies -- including the CIA, MI6 and the Federal Security Service (FSB) of the Russian Federation -- have administrative processes for receiving requests for intelligence products and information. They prioritize those requests and pass them out to the various departments, or organizations, that are then tasked with acquiring the information or products.
Understanding how an APT actor operates can help an organization build active defenses against it.

Where might a request come from? Say a delegation from country A attends the Paris Air Show, a key event in which hundreds of aerospace and defense companies show off their products and innovations. The delegation, which can include intelligence personnel, has a "shopping list" and spends a lot of time looking for specific technologies and systems. They notice a new and innovative radar system for sale from a defense contractor in a "banned" country. It would be illegal for the manufacturer to sell the technology to the delegation, so they cannot simply buy the technology and reverse engineer it. The delegation takes photographs of the sales display and picks up any other information it can. When the delegation returns home, a formal request for intelligence or collection on the radar technologies is submitted to their country's intelligence services. The intelligence request is prioritized, and when it is acted on, it will be assigned to a cyber-intelligence unit whose specialty is to gain access to other people's networks with the sole purpose of taking something very specific.
The APT is in the collection part of the classic intelligence cycle described on the CIA's website:
·         Planning and Direction
·         Collection
·         Processing
·         Analysis and Production
·         Dissemination
An APT "campaign" against the target begins. In this case, it is based on an intelligence request from country A's military to their intelligence services to find everything they can about a radar manufactured in country B.
The intelligence services, or their contractors, will begin by doing a comprehensive search of the target organization. This research will include basic information about the company such as the physical locations of facilities; corporate and supply chain relationships; contracts, products and services; leadership and board of directors; filings and financial reports; and whether it is publicly traded.
The organization will also look at the company's Internet footprint:
·         Domain names, DNS records, MX mail records
·         Registered IP ranges and scans of that information
·         Email naming convention (first name.last name@company.com)
·         Telco relationships and colocation usage
·         Cloud usage
·         Publicly facing services or websites
·         Use of two-factor authentication
They will build an understanding of employees who work within specific divisions or programs or within leadership or corporate shared services. This information is gathered with help from LinkedIn and Facebook searches, academic papers, public websites, speaking engagement histories, and industry associations and forums. Once this data is compiled, a plan of action will be formulated to penetrate the network and steal the data on the target.
The offensive part of an APT campaign begins with the perpetrators executing their plans. In this example, it starts with social engineering. Having identified the physical location of the facilities that manufacture the target data, the APT will cast a net on social media to "link" to individuals associated with the program, or near the program, based on their LinkedIn profiles. The attackers will create false personas, using LinkedIn, Facebook pages and other social media. They will then try to "friend" individuals to discover email addresses -- both work and personal -- other friends or associations, addresses, skills they possess and other programs they've worked on.
From this social media information the APT will create a target list of named individuals directly or indirectly associated with the target programs, or in a position to get to the projects indirectly, or provide the next hop to the target. This social engineering generates the targets for a spear-phishing campaign. Almost all APT attacks include some form of spear phishing, or targeting of malicious messages, with the intention of compromising victims' computers.
APT toolbox
For the APT to launch these campaigns, there has to be infrastructure and tools at their disposal. The big APT actors have deep funding from national governments for R&D into activities such as creating exploits or testing code against most commercial security tools. The APT toolbox typically includes the following:
·         Extensive command-and-control (C2) hosts of computers that have been leased at cloud providers, or hosts that have been compromised for the purpose of being a C2 host. These hosts tend to communicate home indirectly. It is not smart to have a C2 host owned by the government of country A, or a C2 host that communicates directly back to country A. Instead, they communicate through a layer of hosts and proxies to obscure the destination of the traffic. It is through those networks of C2 hosts that the malware deposited by spear phishing communicates back to establish channels, back to the compromised hosts and then to download rootkits and remote administration tools (RATs).
·         Websites with waterholes or drive-by exploits (the place the URL on the email goes to) to infect a host.
·         Internet file shares to drop the exfiltrated data. These file shares can include Google Docs accounts or Dropbox accounts.
·         Extensive malware library to get a toehold onto a network to download RATs and rootkits. The malware will try to exploit near-zero-day, or zero-day vulnerabilities. Zero-days are typically used with higher value targets because once they are in the wild, patches and signatures can be developed.
·         Windows administrators with extensive skills in domain and host configurations. These technicians will drive infected hosts to continue to gain hosts on the exploited network, find the data and exfiltrate it.
Based on the initial reconnaissance of the target, a template for the campaign will be selected to get the data from the target. These templates, or the modi operandi, are based on the technologies the target company has deployed, the network security of the target and the value of the target.
Once the template is selected and approved, and resources are lined up, the spear phishing emails are sent to the targets. Mail is delivered and disappears behind the target's firewalls. Success is noted if a piece of malware beacons out to a C2 host, whose address is in the exploit code.
A few years ago, most companies were helpless against this type of threat and compromise was easy. The modi operandi from those early campaigns have persisted, with some modification as defenses have improved. As awareness of the APT has grown, so have the active defenses against it, meaning that the APT actors have to adjust their MOs to defeat the emerging defenses companies put up.
Active defenses
Understanding how an APT actor operates can help an organization build active defenses against it. Traditional signature-based firewalls and IDSs are ineffective against APT attacks. The APT actors have copies of all commercial security devices and software and build their templates to easily defeat systems such as antivirus and antimalware tools.
Here are some other ways to prevent APT attacks:

Use threat intelligence. This includes current information on APT actors; threat intelligence harvested from analyzing malware; known C2 sites; known bad domain names, email addresses, malicious email attachments, email subject lines; and malicious links and websites. Threat intelligence is for sale commercially and is shared by industry cybersecurity groups. Care must be taken to make sure the intelligence is relevant and timely. Threat intelligence is used to establish "trip wires" to alert you to activity on the network.

Create strong egress rules. Stop all outbound traffic from the enterprise except Web traffic, which must be proxied, with all data sharing, malicious sites and uncategorized sites blocked. No SSH, FTP, Telnet, or other ports and protocols should be allowed out of the network. This will break the communications channels from the malware to the C2 hosts and stop the unauthorized exfiltration of data off the networks.

Collect strong log analytics. Verbose logging from critical networks and hosts should be collected and analyzed for unusual behavior. Logs should be retained for a period of time to allow for investigations. Alerts on matches with threat intelligence should be established.

Hire security analysts. The role of security analysts is to tie the threat intelligence, log analytics and alerting to an active defense against APT. Experience is key in this role.
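The trip wires, egress rules and log analytics described above can be combined in a single pass over egress logs. The following Python sketch is an added example, not code from the article: the log format, the indicator list, the policy values and every function name are assumptions, and the beacon heuristic goes one step beyond the text by flagging hosts that call out at near-constant intervals.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed indicator list and policy values (assumptions, not from the article).
BAD_DOMAINS = {"c2.example.net"}   # stand-in for a threat-intelligence feed
ALLOWED_PORTS = {80, 443}          # web traffic only, and only via the proxy

# Constructed egress log: time, internal source, destination, port, path taken.
SAMPLE_LOG = """\
2015-01-20T09:00:00 10.0.1.10 www.example.com 443 proxy
2015-01-20T09:00:05 10.0.1.23 files.example.org 22 direct
2015-01-20T09:01:00 10.0.1.23 update.c2.example.net 443 proxy
2015-01-20T09:10:00 10.0.1.40 cdn.example.org 443 proxy
2015-01-20T09:20:00 10.0.1.40 cdn.example.org 443 proxy
2015-01-20T09:30:01 10.0.1.40 cdn.example.org 443 proxy
2015-01-20T09:40:00 10.0.1.40 cdn.example.org 443 proxy
2015-01-20T09:47:13 10.0.1.10 www.example.com 443 proxy
"""

def is_known_bad(host):
    """Match the host or any parent domain against the indicator set."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BAD_DOMAINS for i in range(len(labels)))

def analyze(log_text, min_hits=4, max_jitter=0.1):
    """Return (rule, source, destination) alerts for one batch of log lines."""
    alerts, seen = [], defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip malformed lines instead of aborting the batch
        ts, src, host, port, path = parts
        if path != "proxy" or int(port) not in ALLOWED_PORTS:
            alerts.append(("egress-policy", src, host))
        if is_known_bad(host):
            alerts.append(("threat-intel", src, host))
        seen[(src, host)].append(datetime.fromisoformat(ts))
    # Beacon heuristic: repeated contacts at near-constant intervals.
    for (src, host), times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= max(min_hits, 2) and pstdev(gaps) <= max_jitter * mean(gaps):
            alerts.append(("beacon", src, host))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Matching on parent domains rather than substrings catches subdomains of a listed indicator without flagging unrelated names that merely contain it.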
Are you in an industry with the APT threat? Does your company have something an APT actor would be willing to spend time and money trying to steal?
Enterprises can ask the FBI if they are in an industry targeted by APT threats. If the answer is no, then spending the money on active defenses against the APT might not be a good investment. But organizations that might become potential "targets" must consider it.