An Advanced Persistent Threat (APT) is a series of network attacks carried out stealthily over a long period of time, with the purpose of gaining unauthorized access to a network and stealing sensitive data for malicious purposes.
In a normal network attack, the attackers make the attack, fulfill their purposes and leave immediately so that they do not get caught. In an APT, however, the attackers remain stealthy for a long period of time and proceed covertly, as planned, to steal sensitive data gradually. An APT is much more covert and much more sophisticated than a normal network attack.
Purpose of Advanced Persistent Threat
In a normal attack, the attackers may have several purposes. Normally those attacks are carried out to cause damage to the network and systems or to steal sensitive data from the systems. In an APT, causing damage to the network or the systems is usually not the attackers' purpose. An APT is carried out mainly to steal sensitive data from the systems gradually and covertly.
How APT Attacks are perpetrated
An APT attack typically proceeds through the following stages:
- Firstly, the attackers use social engineering, spear phishing, zero-day malware or other security vulnerabilities to infect the systems in the network. The attackers may even plan a Watering Hole Attack, in which malware is placed on websites that the employees of the organization are likely to visit.
- After infecting the systems in the network, the attackers stealthily place a RAT or backdoor on the systems, which enables the attackers to gain unauthorized access to the systems.
- The attackers can escalate their privileges and gain administrative privileges on the systems.
- The attackers then start to collect information from the network.
- The attackers can expand control to other workstations and harvest data from them as well.
- Next, the attackers exfiltrate the data from the victim's network to themselves.
Targets of Advanced Persistent Threat
The attackers usually target a group or organization from which they can steal sensitive data. The most common targets are:
- Government organizations
- Higher Education
- Financial Institutions
- Industries
Prevention of Advanced Persistent Threats
An APT is quite sophisticated, and it is much more difficult to detect and prevent than normal network attacks. Attackers normally take extra precautions to remain covert for a long period of time, and they use sophisticated evasion techniques.
However, network traffic associated with an APT can be detected at the network layer, and deep log analysis and log correlation across various sources can detect APT activities. A good log correlation tool can be used for that purpose.
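The following is an added example, not part of the original article, showing the idea behind log correlation: events from several log sources are grouped per host and mapped to the stages listed above, and a host is flagged when its events span several stages and several sources. The event type names, log source names, hostnames and thresholds are constructed assumptions, not the output of any particular tool.

```python
from collections import defaultdict
from datetime import datetime

# Hypothetical mapping from normalized event types to the stages listed above.
STAGE_OF = {
    "phishing_attachment_opened": "infection",
    "new_autorun_service": "backdoor",
    "admin_group_change": "privilege_escalation",
    "bulk_file_read": "collection",
    "remote_admin_logon": "lateral_movement",
    "large_outbound_upload": "exfiltration",
}

# Constructed sample records: (timestamp, log source, host, event type).
EVENTS = [
    ("2024-03-01T09:14", "mail_gateway", "ws-17", "phishing_attachment_opened"),
    ("2024-03-01T09:20", "endpoint", "ws-17", "new_autorun_service"),
    ("2024-03-09T23:02", "directory", "ws-17", "admin_group_change"),
    ("2024-03-20T02:41", "file_server", "ws-17", "bulk_file_read"),
    ("2024-04-02T03:10", "proxy", "ws-17", "large_outbound_upload"),
    ("2024-03-05T11:00", "proxy", "ws-22", "large_outbound_upload"),
    ("2024-03-06T10:30", "directory", "ws-40", "admin_group_change"),
    ("2024-03-06T10:31", "directory", "ws-40", "remote_admin_logon"),
]

def correlate(events, min_stages=3, min_sources=2):
    """Return hosts whose events span several stages and several log sources."""
    per_host = defaultdict(list)
    for ts, source, host, etype in events:
        stage = STAGE_OF.get(etype)
        if stage:  # ignore event types that have no stage mapping
            per_host[host].append((datetime.fromisoformat(ts), source, stage))
    findings = {}
    for host, recs in per_host.items():
        recs.sort()  # chronological order
        stages = list(dict.fromkeys(stage for _, _, stage in recs))  # unique, in order
        sources = {source for _, source, _ in recs}
        if len(stages) >= min_stages and len(sources) >= min_sources:
            findings[host] = {
                "stages": stages,
                "sources": sorted(sources),
                "span_days": (recs[-1][0] - recs[0][0]).days,
            }
    return findings

if __name__ == "__main__":
    for host, info in correlate(EVENTS).items():
        print(host, info)
```

Each event on its own (one upload, one group change) looks routine in the log that recorded it; only the combined per-host view shows the slow multi-stage pattern, which is why single-source alerting tends to miss it.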
So, this was a short article on Advanced Persistent Threats. Be aware of the various security threats so that you can protect your data better. And stay safe, stay protected.