Why is it important?
Advanced persistent threats are significant because they represent a different modus operandi for hackers, where persistence is key to the operation of the malware, and the objective is data theft.
Why does a business professional need to know this?
Advanced persistent threats (APT) are dangerous because they can remain undetected while harvesting critical customer or intellectual property data from the target organization. Depending on the type of data harvested, a company can suffer significant damage to its reputation and be exposed to serious legal consequences.
Most APTs are delivered by social-engineering mechanisms, such as targeted campaigns or spear phishing against an organization. Once a system has been compromised, the APT seeks not only to persist, but to discover, proliferate, elevate privileges, and remain undetected.
The ultimate goal is to extract targeted information from the victim in a manner that is difficult to detect by ordinary detection and incident response methods, generally using encryption to blend in as ordinary HTTPS traffic.
An APT can persist for months or, in extreme cases, years without detection, sending data to its command and control structure only when a certain set of criteria are met.
APTs have evolved into more malicious types of malware, such as remote access trojans (RAT) and, potentially more devastating, various forms of ransomware. At the root of each of these advanced forms of APT you can still find the original elements of APT: increased levels of encryption for command and control, malware that is aware of sandboxes and other containment technologies, and better subversion techniques. These elements have made APTs the current method of choice for cybercriminals.
Business professionals should ensure that their cybersecurity specialists understand and employ the tactics, techniques, and procedures required to detect these exploits(Fireeye).
Paul Brager, Jr., M.Sci, Certified Information Systems Security Professional (CISSP), Global Industrial Cyber Security Professional (GICSP), Certified Information Security Manager (CISM), has been a contributing member of the cybersecurity community for over 20 years, specializing in security architecture, industrial cybersecurity, and digital forensics and incident response. He has extensive experience in the oil and gas, manufacturing, chemical, and telecommunications sectors, having held various leadership roles throughout his career.
Term: Advanced Persistent Threat