Advanced Persistent Threat
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization. APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry.
In a simple attack, the intruder tries to get in and out as quickly as possible in order to avoid detection by the network’s intrusion detection system (IDS). In an APT attack, however, the goal is not to get in and out but to achieve ongoing access. To maintain access without discovery, the intruder must continuously rewrite code and employ sophisticated evasion techniques. Some APTs are so complex that they require a full time administrator.
An APT attacker often uses spear fishing, a type of social engineering, to gain access to the network through legitimate means. Once access has been achieved, the attacker establishes a back door.
The next step is to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. The back doors allow the attacker to install bogus utilities and create a “ghost infrastructure” for distributing malware that remains hidden in plain sight.
Although APT attacks are difficult to identify, the theft of data can never be completely invisible. Detecting anomalies in outbound data is perhaps the best way for an administrator to discover that his network has been the target of an APT attack.
At IT2Trust we recommend APT´s solutions from:
Business Development Manager
Get personal counseling
Aage Wolff-Sneedorff is engineer and economist and has more than 30 years of experience within IT, OT/ICS, and telecommunication, including 12 years in IBM. In the whole career he has worked in close contact with customers either within sales, project manager in customer cases or advising consultant (incl. teaching). Aage comes from a position as Sales Manager in an OT/ICS security consulting company.