An Advanced Persistent Threat (APT) is an attack that gains an unauthorized foothold for the purpose of executing an extended, continuous attack over a long period of time. While small in number compared to other types of malicious attacks, APTs should be considered a serious, costly threat. According to the NETSCOUT Arbor 13th Annual Worldwide Infrastructure Security Report, only 16% of enterprise, government or education organizations experienced these threats in 2017, yet 57% of those organizations rated them as a top concern for 2018.
Most malware executes a quick, damaging attack, but APTs take a different, more strategic and stealthy approach. The attackers come in through traditional vectors such as phishing or Trojan malware, but then cover their tracks as they secretly move around and plant their attack tooling throughout the network. Once they have gained a foothold, they can pursue their goal, which is almost always to continually and persistently extract data, over a period of months or even years.
Attackers executing APTs follow a fairly standard, sequential approach to achieve their goals. Here is a quick summary of the typical steps they go through:
Because APTs almost always have the goal of exfiltrating data, attackers inevitably leave evidence of their malicious activity behind. Here are a few of the most telling indications, according to CSO:
Security experts offered further guidance in a recent Threat Hunting webinar series on the malicious activity that can give companies early warning of an APT. They suggest hunting for:

* command shells (WMI, CMD and PowerShell) that establish network connections;
* remote server or network administration tools running on non-administrator systems;
* Microsoft Office documents, Flash or Java content that invokes new processes or spawns command shells;
* any deviation from the normal behavior of administrator accounts;
* creation of new accounts, either locally or in the company's domain;
* Windows processes (such as lsass, svchost or csrss) with unexpected parent processes.

As an example of a well-executed APT, here is a quick overview of APT10, a campaign that may have started as early as 2009. Potentially one of the longest-sustained cyber threats on record, APT10 recently attacked companies in multiple industries across many countries through their managed service providers, as well as a number of Japanese companies directly, causing an unknown amount of damage through the theft of large volumes of data. These attacks, active since late 2016, were uncovered by PwC UK and BAE Systems. In Operation Cloud Hopper, their joint report on the campaign, the two organizations readily admit that the full extent of the damage done by APT10 may never be known. Here are some key highlights of what they learned about APT10 from the report:
As more APTs are discovered, security organizations are becoming more proficient at uncovering these stealthy threats. One evolving approach is threat hunting, which combines technology with human intelligence in a proactive, iterative process that finds attacks missed by standard endpoint security alone. The average breach takes 150 days to discover; with threat hunting, organizations can detect attacks such as APTs earlier in the attack sequence by examining historical, unfiltered endpoint data for unusual behaviors and for anomalous relationships between activities. A threat hunter starts with a set of tools, threat intelligence and human insight, refines the hunt through iterative searches that lead to root causes, and then responds by shutting the threat down and using the intelligence gained to protect the environment in the future.
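The webinar indicators above (shells that open network connections, Office documents that spawn shells, and core Windows processes with unexpected parents) are exactly the kind of behaviors a hunt over historical endpoint data looks for. The following is an added example, not code from the article or from any vendor mentioned in it: it encodes three of those indicators as rules over constructed Sysmon-style events (field names modelled on Sysmon Event ID 1, ProcessCreate, and Event ID 3, NetworkConnect) and then correlates them per process so that a document-spawned shell that beacons to an external host surfaces as a single higher-confidence finding. The expected parent-process table, the internal address ranges and the sample telemetry are all assumptions made for the example.

```python
"""Threat-hunting rules over constructed Sysmon-style endpoint events.

Added example (not code from the article): encodes three of the APT
indicators from the webinar as rules over process-creation and
network-connection events, then correlates them per process. Field names
follow Sysmon Event ID 1 (ProcessCreate) and Event ID 3 (NetworkConnect);
the sample records below are constructed, not captured telemetry.
"""
import ipaddress
import ntpath
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    event_id: int           # 1 = ProcessCreate, 3 = NetworkConnect (Sysmon IDs)
    image: str              # full path of the process
    pid: int
    parent_image: str = ""  # ProcessCreate only
    dest_ip: str = ""       # NetworkConnect only
    dest_port: int = 0


# Interpreters and shells an attacker typically lands in after a macro or exploit.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wmic.exe", "wscript.exe", "cscript.exe"}
# Document handlers that should not spawn a shell on a normal workstation.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Assumed (Windows 10 style) parent for core system processes; anything else is a
# masquerade or injection candidate. Baseline this against your own fleet.
EXPECTED_PARENT = {
    "lsass.exe": {"wininit.exe"},
    "csrss.exe": {"smss.exe"},
    "svchost.exe": {"services.exe"},
}
# Assumed internal ranges; connections elsewhere count as outbound.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def basename(path: str) -> str:
    """Case-insensitive file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def hunt(events):
    """Return (rule, pid, detail) tuples for every matching event, plus one
    'office_shell_beacon' finding per pid that was both spawned by an Office
    application and later connected to a non-internal address."""
    findings = []
    rules_by_pid = defaultdict(set)
    for e in events:
        img = basename(e.image)
        if e.event_id == 1:
            parent = basename(e.parent_image)
            if parent in OFFICE and img in SHELLS:
                findings.append(("office_spawns_shell", e.pid, f"{parent} -> {img}"))
                rules_by_pid[e.pid].add("office_spawns_shell")
            if img in EXPECTED_PARENT and parent not in EXPECTED_PARENT[img]:
                findings.append(("core_process_odd_parent", e.pid, f"{parent} -> {img}"))
        elif e.event_id == 3:
            if img in SHELLS and not is_internal(e.dest_ip):
                findings.append(("shell_outbound_connection", e.pid,
                                 f"{img} -> {e.dest_ip}:{e.dest_port}"))
                rules_by_pid[e.pid].add("shell_outbound_connection")
    # Correlate: a shell born from a document that then talks to the outside is
    # the phishing-to-foothold sequence the article describes.
    for pid, rules in rules_by_pid.items():
        if {"office_spawns_shell", "shell_outbound_connection"} <= rules:
            findings.append(("office_shell_beacon", pid, "document -> shell -> external host"))
    return findings


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    Event(1, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", 4120,
          parent_image=r"C:\Windows\explorer.exe"),
    Event(1, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", 4388,
          parent_image=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    Event(3, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", 4388,
          dest_ip="203.0.113.45", dest_port=443),
    Event(1, r"C:\Windows\System32\svchost.exe", 5012,
          parent_image=r"C:\Windows\System32\services.exe"),
    Event(1, r"C:\Windows\System32\lsass.exe", 5100,
          parent_image=r"C:\Windows\System32\cmd.exe"),
    Event(3, r"C:\Program Files\Google\Chrome\Application\chrome.exe", 6200,
          dest_ip="203.0.113.10", dest_port=443),
    Event(3, r"C:\Windows\System32\cmd.exe", 6300, dest_ip="10.0.0.5", dest_port=445),
]

if __name__ == "__main__":
    for rule, pid, detail in hunt(SAMPLE_EVENTS):
        print(f"{rule:26} pid={pid:<6} {detail}")
```

The rules are deliberately narrow: the internal ranges and expected parents are encoded explicitly rather than taken from `ipaddress.is_private`, because documentation ranges like 203.0.113.0/24 are treated as non-global by that property and a real hunt needs the organization's own address plan. Benign activity in the sample (Word launched from Explorer, svchost under services.exe, cmd.exe talking to an internal file server) produces no findings, which is the property to check first when tuning a rule set against historical data.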
What are the characteristics of an advanced persistent threat?
Once an advanced persistent threat has compromised your network, you may notice the following symptoms:

* Unusual user account activities.
* A sudden increase in database activity.
* Large files with unusual file extensions.
* An increase in backdoor Trojan detections.
* Data exfiltration from your network.

What characteristics of an advanced persistent threat (APT) give it that name?
As the name "advanced" suggests, an advanced persistent threat (APT) uses continuous, clandestine and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences.
Which of the following is true for an Advanced Persistent Threat (APT)?
Correct answer (B): They conduct research to identify previously unknown vulnerabilities and exploit those vulnerabilities to gain access to systems in an undetected manner.
Which one of the following best describes an advanced persistent threat?
An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data.