WHAT IS AN APT?
APT stands for Advanced Persistent Threat: a computer network attack that allows an adversary (usually a highly skilled and well-funded hacking group) to gain access to a network and stay there undetected over an extended period. These threat actors use a cocktail of spear-phishing attacks, zero-day exploits, SQL-injection techniques, customized malware, drive-by downloads and clever social engineering to break into computer systems.
Once a machine is compromised, APT groups use sophisticated network tools to burrow deep into a corporate network and maintain persistence over a period of time before locating valuable data to steal and transmit to command-and-control servers around the world.
Examples of successful APT attacks litter the news landscape, with victims ranging from Lockheed Martin, Sony, Google, Adobe and RSA to highly classified government and diplomatic institutions around the world. However, it’s important for businesses of every size to understand that the tools and capabilities used by well-funded APT groups are also being used by cyber-criminal gangs, and the majority of these network breaches are never publicly reported.
THE FOUR STAGES OF AN APT
A typical APT includes the following four stages:
Scoping out a specific target and preparing an attack
The preparation phase is multi-faceted and involves the collection of information on specific targets. It starts with the trawling of social networks like LinkedIn, Facebook and Twitter to collect e-mail addresses, phone numbers and business contacts that will be used later to ensure the ‘infection’ phase of the attack is as efficient as possible.
Intrusion and infection
Using information gleaned during the preparation/reconnaissance phase, the attackers create and deploy custom malware to the target. Spear-phishing is a common technique used to trick the target into downloading first-stage malware, but attackers have also used drive-by downloads, watering holes, man-in-the-middle attacks and even “spray-and-pray” phishing techniques to gather victims.
Lateral movement and persistence
The attackers now have control of the machine that was initially infected, but the core of an APT attack is the ability to move laterally within a network and establish a beachhead. This is done by downloading additional malware to the infected machine in the form of rootkits, network backdoors, password-cracking utilities, Remote Access Trojans (RATs) and privilege-escalation exploits.
Stealing and transmitting data
Now that the initial infection is complete and lateral movement and persistence are achieved, the attackers get down to the business of stealing and transmitting the data. In most cases, the attackers take everything from the network that might be of interest.
DEFENDING THE FORT
Now that it has been established that skilled APT actors have an arsenal of tools to compromise a corporate network, it is crucial that you make the right investments in security technologies and incident response plans to mitigate the threat and reduce your exposure to risk. Companies across the world are waking up to the fact that their security posture is insufficient to fend off the threats that breached Sony, Anthem and JPMC . . .
We understand these challenges and we’ve taken on the resources and headaches required to provide security services for our clients. Our single goal is ensuring the utmost in protection around the clock, while assisting businesses in their regulatory compliance efforts. Our continuous cyber-threat monitoring services help to reduce risk and aid in compliance by collecting real-time log, performance and configuration data from the devices on a network, 24/7. Then, advanced cloud-based SIEM technology is applied to identify threats and suspicious activity. Within a state-of-the-art SOC, Advanced Security Engineers evaluate each alert, eliminate false positives, investigate security incidents and respond to cyber-threats targeting your organization. It’s this highly-skilled “Human Element” that is often missing from other providers’ solutions.
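To make the SIEM correlation described above concrete for the lateral-movement and data-theft stages listed earlier, here is an added example (not code from the original page or from the service provider) of two simple detection rules run over constructed log lines: one account logging on to many distinct hosts within a short window, and a large flow leaving for an address outside the assumed corporate ranges. The log format, the account and host names, the address ranges and the thresholds are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: one account reaching five hosts in minutes, then a large flow out to an external address.
SAMPLE_LOGS = """\
2024-03-01T09:00:05 logon user=jdoe src=10.0.1.15 dst=10.0.1.20 bytes=0
2024-03-01T09:01:10 logon user=jdoe src=10.0.1.15 dst=10.0.1.21 bytes=0
2024-03-01T09:01:42 logon user=jdoe src=10.0.1.15 dst=10.0.1.22 bytes=0
2024-03-01T09:02:07 logon user=jdoe src=10.0.1.15 dst=10.0.1.23 bytes=0
2024-03-01T09:02:30 logon user=jdoe src=10.0.1.15 dst=10.0.1.24 bytes=0
2024-03-01T09:15:00 flow user=- src=10.0.1.15 dst=203.0.113.44 bytes=734003200
2024-03-01T10:00:00 logon user=asmith src=10.0.2.7 dst=10.0.1.20 bytes=0
2024-03-01T10:30:00 flow user=- src=10.0.2.7 dst=10.0.0.5 bytes=900000000
"""
# Assumed corporate address space; a real SIEM would load the organisation's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def parse_line(line):
    """'ts kind k=v k=v ...' -> dict with a typed timestamp and byte count."""
    ts, kind, *kv = line.split()
    ev = dict(item.split("=", 1) for item in kv)
    ev.update(ts=datetime.fromisoformat(ts), kind=kind, bytes=int(ev["bytes"]))
    return ev

def lateral_movement(events, window=timedelta(minutes=10), min_hosts=5):
    """Flag an account that logs on to min_hosts distinct hosts inside one time window."""
    alerts, by_user = [], defaultdict(list)
    for ev in events:
        if ev["kind"] == "logon":
            by_user[ev["user"]].append(ev)
    for user, logons in by_user.items():  # logons arrive sorted by timestamp
        for i, first in enumerate(logons):
            hosts = {e["dst"] for e in logons[i:] if e["ts"] - first["ts"] <= window}
            if len(hosts) >= min_hosts:
                alerts.append({"rule": "lateral_movement", "user": user, "hosts": len(hosts)})
                break
    return alerts

def exfiltration(events, min_bytes=100 * 1024 * 1024):
    """Flag a large flow whose destination lies outside INTERNAL_NETS; internal copies are ignored."""
    return [{"rule": "exfiltration", "src": ev["src"], "dst": ev["dst"], "bytes": ev["bytes"]}
            for ev in events
            if ev["kind"] == "flow" and ev["bytes"] >= min_bytes and not is_internal(ev["dst"])]

def detect(text=SAMPLE_LOGS):
    events = sorted(map(parse_line, text.splitlines()), key=lambda e: e["ts"])
    return lateral_movement(events) + exfiltration(events)
```

On the sample data `detect()` returns one lateral-movement alert for `jdoe` and one exfiltration alert for the flow to 203.0.113.44; the equally large internal copy to 10.0.0.5 is not raised, which is the kind of tuning that keeps analysts from drowning in false positives.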
For a free consultation on our 24/7 cyber-threat monitoring, threat analysis and response services, please reach out and contact us today.