Far Advanced Relentless Threats Fouling up Corporate Environments #FARTsec

"Rabbit-rabbit" folks on this 1st day of the month. Just when many of you thought it was safe to go back into the water. Just when you thought nothing could be worse than APT... think again. Wade Baker followed his nose and unearthed something even more silent - even more deadly. This is the Press Release "they" didn't want you to see.

by Wade Baker (@wadebaker)

Advanced Persistent Threats (APTs) garnered a huge amount of attention within the security community in 2010. Reports of sophisticated attacks against high-profile organizations provided ample fuel, and the fear of APTs spread like wildfire. Many expressed a sense of hopelessness against this new foe. Trade secrets were lost. Reputations damaged. White-knuckled fear and frustration ensued.

But that was last year, and there is no relief for the afflicted, no rest for the weary.

2011 brings with it a foul wind of another, even more advanced, and vastly more persistent threat into our midst. These vile agents known as Far Advanced Relentless Threats have quickly become an assault on the senses, permeating corporate environments with ease.

Intelligence and research analyst Wade Baker laments “the worst part about this new threat is that the data on their origins, behaviors, and motives is so scarce. Security hinges on knowing our enemy, but that’s impossible with Far Advanced Relentless Threats. They rise up from the bowels of who-knows-where and hit you like a ton of bricks so fast it can take your breath away.”

When asked about whether the analyst community is looking into this situation, industry analyst Josh Corman answers “Absolutely.” “As soon as the news broke wind of this new threat, we stuck our noses out to see what we could learn. It didn’t take long to catch a whiff of Far Advanced Relentless Threats affecting our own ranks. They hit Andrew Hay bad one day last week; it was nasty and it’s going to take some time to recover.”

Researchers are, at least, trying to better understand how they work. “Those who incorporate JavaBeans into their applications seem particularly vulnerable” says application security specialist Jeremiah Grossman. “Far Advanced Relentless Threats typically follow an attack pattern that results in a sudden and violent buffer overflow condition. Being on the receiving end of that kind of force really stinks.”

According to industry expert Christofer Hoff, one of the aspects of Far Advanced Relentless Threats that makes them so invasive is their ability to spread rapidly via the cloud. “They’re extremely efficient,” he says. “They are highly scalable, deploy quickly, and can also dissipate swiftly as though they were never there. By then, of course, the damage has already been done…and don’t even get me started on what this will mean for cropdusting and cloudbursting.”

“Some Far Advanced Relentless Threats trumpet their presence loudly, but it’s the silent ones that are truly deadly,” claims forensic investigator Andrew Valentine. “In most circumstances they leave no lasting evidence and studying those rare logs that are left behind hasn’t yielded much useful information regarding the identity and/or origin of these threats.”

Because of their stealthy tactics, some believe Far Advanced Relentless Threats are a bunch of hot air. But those who have experienced their awful reality first-hand know better. “It can really damage your reputation,” says Alex Hutton, “and that awful stain may never wash away. When that happens, you might as well just go home; there’s no showing your face again in public after that.”

Not everyone is ready to surrender and go home, however. Chris Porter has put together a special unit known as the Far Advanced Relentless Threat Emergency Response Squad. “We can’t keep holding back and silently letting things go. It’s not the time to be timid; it’s go time. We’re gonna drop some bombs,” he says pointedly and confidently. 

Happy April 1st!
Be sure to use the #FARTsec hash when referring to this new threat.