Why Security is Hard: When APTs became TPAs

Trying to secure the Internet and all its users, content, and services is a difficult job. The Internet is a global resource that supports many different cultures and languages. The purposes of the various web sites on the Internet vary from commercial sites selling products and services to informational sites about many more topics than most people need or care to know about. There are a myriad of operating systems and applications used to produce and access those sites. As if Advanced Persistent Threats (APT) were not bad (or scary) enough, there is now a new term used to describe the attacks that security personnel are trying to secure all these operating systems and applications from. Welcome Targeted Persistent Attacks (TPA)!

I first came across TPA over at Tech Republic. In an interview with the Research Vice President at NSS Labs, they report:

“The truth of the matter is that an APT is sometimes made up of known exploits/vulnerabilities that are not that Advanced; so the term APT doesn’t define the action correctly. TPA highlights that the actor is going after a specific target such as company X or an entire industry sector like financial services, and will be persistent in attacking the target”

Uhh? So the reason we need a new category of product is because some malware writer slacked off and didn’t use the latest, most advanced exploit or vulnerability and instead used something that Microsoft already addressed a couple of Tuesdays ago?

To be fair, this blog post, which also appeared at NSS Labs, makes a better case for the new term (TPA that was). What NSS Labs seems to be talking about here is threat or breach detection. Of course, there is also a TPA-focused Breach Detection Systems (BDS) product buyer’s guide.