BSI Recognizes BlackBerry as Qualified APT Response Service Provider
Hands-on-keyboard attacks against your organization require a high degree of skill to track and defeat.
Far from the comparatively simplistic automated attacks run by low-level cybercriminals, “live” attacks by APT (advanced persistent threat) actors require a specialized level of incident response to minimize the damage and fully re-secure the network.
This leads to an important question: which cybersecurity partners are truly able to defend against a sophisticated attack? The answer can be found in the recent Qualified APT Response Service Providers list created by the German Federal Office for Information Security (BSI).
The fact that the BSI designates us as a qualified APT service provider demonstrates that we have experts capable of providing effective emergency assistance to organizations, even when confronted by the most sophisticated cyberattacks.
I’m proud of the fact that the BSI recognized BlackBerry by including us on this list, based on more than a dozen factors. BlackBerry® cybersecurity solutions are trusted by 17 of the world’s G20 governments. Now you know you can rely on our incident response services, as well.
Why APT Response Is So Different
Our BlackBerry incident response (IR) team recently wrote a specialized blog series focused on sophisticated cyber opponents. In “The 13 Deadly Sins of APT Incident Response,” they explored an extensive list of key differences organizations face when dealing with an advanced persistent threat. One major difference is that unlike with a “commodity” attack, you are typically facing a group of humans that can react to your response. Additionally, while less advanced cyberattacks often rely on a single point of access, APT actors may have significant resources at their disposal, allowing them to establish and maintain multiple backdoors into a target’s environment.
Advanced persistent threats target organizations of any size, as well as government agencies. If an APT gains access, the consequences vary, but are usually severe. These can include:
- Intellectual property theft
- Theft of sensitive and private information
- Sabotage of critical infrastructure (e.g., database deletion, catastrophic facility failure)
There’s a Reason “P” Is for “Persistence”
Interestingly, our APT incident responders have found over the years that the first APT attack against your organization is often just the initial indication you are a target. It’s like a warning light on your car’s dashboard.
The BlackBerry IR team noted in the “13 Deadly Sins” series that APT groups often start with the easiest assault options and move patiently through their arsenal. If an attack is unsuccessful, APTs will often go dormant for short periods of time, then suddenly resurface and target another weak spot in the victim’s defenses – repeating the process until they successfully achieve their objectives.
In many cases, removing an APT attacker from the environment is just the start. Responders often mistakenly believe they have the attack fully remediated, only to learn the attacker has merely gone silent until defenses are lowered. This is one reason why calling in the right expertise is so critical to a successful response.
More “Deadly Sins” of APT Incident Response
On the defender side of APT incident response, there are three primary stages: preparation, active breach, and remediation and recovery. Below is a high-level view of common mistakes or “deadly sins” the BlackBerry IR team often observes responders making during each stage.
Four Common Mistakes During Preparation
- Lack of visibility and historical logs
- Not having the right people, processes, and technology in place
- Analyst burnout and alert fatigue
- Not having an incident response retainer
Read The 13 Deadly Sins of APT Incident Response – Part 1.
Five Common Missteps During an Active APT Breach
- Panicking, cutting external connectivity, or wiping systems too soon
- Trusting your internal communications channels
- Uploading samples to online services too early
- Actively probing command-and-control (C2) systems
- Failing to understand response timelines
Read The 13 Deadly Sins of APT Incident Response – Part 2.
Four Common Errors During Remediation and Recovery
- Incomplete remediation and recovery
- Believing it is over before it is
- Ignoring lessons learned
- Failing to share attack indicators
Read The 13 Deadly Sins of APT Incident Response – Part 3.
As you can see, BlackBerry’s incident response knowledge around APTs is extensive, and being recognized as a Qualified APT Response Service Provider by the German Federal Office for Information Security underscores our prowess in this highly specialized field of cyber defense.