Thursday, April 7, 2016

Advanced Persistent Threat


An Advanced Persistent Threat (APT) is a series of network attacks carried out in a stealthy manner over a long period of time, with the purpose of gaining unauthorized access to the network and stealing sensitive data for malicious purposes.

In a normal network attack, the attackers make the attack, fulfil their purpose and leave immediately, so that they do not get caught. In an APT, however, the attackers remain stealthy for a long period of time and proceed as planned in a covert manner to steal sensitive data gradually. An APT is much more covert and much more sophisticated than a normal network attack.



Purpose of Advanced Persistent Threat


In a normal attack, the attackers may have several purposes. Normally those attacks are done to cause damage to the network and systems or to steal sensitive data from the systems. In an APT, causing damage to the network or the systems is usually not the purpose of the attackers. An APT is carried out mainly with the purpose of stealing sensitive data from the systems gradually, in a covert manner.



How APT Attacks are perpetrated


An APT attack typically proceeds through the following stages:

  • Firstly, the attackers use social engineering, spear phishing, zero-day malware or other security vulnerabilities to infect systems in the network. The attackers may even plan a Watering Hole Attack, in which malware is placed on websites that the employees of the organization are likely to visit. (To know more on Watering Hole Attacks, see the separate article "What is a Watering Hole Attack?")
  • After infecting systems in the network, the attackers stealthily place a RAT or backdoor on the systems, which enables them to gain unauthorized access to those systems.
  • The attackers escalate privileges and gain administrative privileges on the systems.
  • The attackers then start to collect information from the network.
  • The attackers expand control to other workstations and harvest data from them as well.
  • Finally, the attackers exfiltrate the collected data from the victim's network.


Targets of Advanced Persistent Threat


The attackers usually target a group or organization from which they can steal sensitive data. The most common targets are:

  • Government organization
  • Higher Education
  • Financial Institutions
  • Industries



Prevention of Advanced Persistent Threats


An APT is quite sophisticated and much more difficult to detect and prevent than normal network attacks. Attackers normally take extra precautions to remain covert for a long period of time, and they use sophisticated evasion techniques.

However, network traffic associated with an APT can be detected at the network layer. In addition, deep log analysis and correlation of logs from various sources can reveal APT activity, because the individual stages (privilege escalation, persistence, data exfiltration) look harmless in isolation but form a recognizable chain when viewed together. A good log correlation tool can be used for that purpose.
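As an added example (not code from the original post), the following Python script correlates records from three separate log sources per host and flags a host where the stages described above, privilege escalation, then persistence, then a large outbound upload, occur in order within a time window. The log format, event names, sample records and size threshold are all constructed for this illustration.

```python
"""Correlate events from several log sources per host to flag an APT-style chain.
Added example; the log format, event names and sample lines are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records from three sources (assumed key=value format).
AUTH_LOG = [
    "2016-04-07T01:12:05 host=ws-17 event=login user=jdoe result=success",
    "2016-04-07T01:14:30 host=ws-17 event=privesc user=jdoe result=success",
]
PROCESS_LOG = [
    "2016-04-07T01:15:02 host=ws-17 event=persist user=jdoe image=svchost_update.exe",
]
PROXY_LOG = [
    "2016-04-07T01:40:11 host=ws-17 event=upload user=jdoe bytes=734003200 dest=cdn.example.net",
    "2016-04-07T01:41:00 host=ws-22 event=upload user=asmith bytes=2048 dest=mail.example.org",
]

# Stages from the post, in the order an intrusion passes through them.
CHAIN = ("privesc", "persist", "upload")


def parse(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime."""
    ts, *pairs = line.split()
    rec = dict(pair.split("=", 1) for pair in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def correlate(*sources, window=timedelta(hours=2), min_bytes=100_000_000):
    """Return (host, chain_start, chain_end) for every host on which the
    CHAIN stages occur in order within `window`, merging all sources."""
    by_host = defaultdict(list)
    for src in sources:
        for line in src:
            rec = parse(line)
            by_host[rec["host"]].append(rec)
    alerts = []
    for host, recs in by_host.items():
        recs.sort(key=lambda r: r["ts"])  # sources arrive unordered
        stage, start = 0, None
        for r in recs:
            ev = r["event"]
            if ev == "upload" and int(r.get("bytes", 0)) < min_bytes:
                continue  # routine small uploads are not exfiltration evidence
            if start is not None and r["ts"] - start > window:
                stage, start = 0, None  # earlier stages are stale; restart
            if ev == CHAIN[stage]:
                start = r["ts"] if start is None else start
                stage += 1
                if stage == len(CHAIN):
                    alerts.append((host, start, r["ts"]))
                    break
    return alerts
```

Note that the proxy log alone produces no alert; only the merged view of all three sources exposes the chain on ws-17.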



So, this was a short article to give information on Advanced Persistent Threats. Be aware of the various security threats, so that you can protect your data better. And, stay safe, stay protected.
