What Is an Advanced Persistent Threat (APT)?
If there's one thing that keeps corporate cybersecurity professionals awake at night, it's the thought of an attack employing a range of sophisticated techniques designed to steal the company's valuable information.
As the name "advanced" suggests, an advanced persistent threat (APT) uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences.
The Prime Targets of Advanced Persistent Threats
Because of the level of effort needed to carry out such an attack, APTs are usually leveled at high value targets, such as nation states and large corporations, with the ultimate goal of stealing information over a long period of time, rather than simply "dipping in" and leaving quickly, as many black hat hackers do during lower level cyber assaults.
APT is a method of attack that should be on the radar for businesses everywhere. However, this doesn’t mean that small- and medium-sized businesses can ignore this type of attack.
APT attackers are increasingly using smaller companies that make up the supply-chain of their ultimate target as a way of gaining access to large organizations. They use such companies, which are typically less well-defended, as stepping-stones.
Five Stages of aAn Evolving Advanced Persistent Attack
The whole purpose of an APT attack is to gain ongoing access to the system. Hackers achieve this in a series of five stages.
- Stage One: Gain Access
- Stage Two: Establish a Foothold
- Stage Three: Deepen Access
- Stage Four: Move Laterally
- Stage Five: Look, Learn, and Remain
Stage One: Gain Access
Like a burglar forcing open a door with a crowbar, cybercriminals usually gain entry through a network, an infected file, junk email, or an app vulnerability to insert malware into a target network.
Stage Two: Establish a Foothold
Cybercriminals implant malware that allows the creation of a network of backdoors and tunnels used to move around in systems undetected. The malware often employs techniques like rewriting code to help hackers cover their tracks.
Stage Three: Deepen Access
Once inside, hackers use techniques such as password cracking to gain access to administrator rights so they can control more of the system and get even greater levels of access.
Stage Four: Move Laterally
Deeper inside the system with administrator rights, hackers can move around at will. They can also attempt to access other servers and other secure parts of the network.
Stage Five: Look, Learn, and Remain
From inside the system, hackers gain a full understanding of how it works and its vulnerabilities, allowing them to harvest the information they want at will.
Hackers can attempt to keep this process running — possibly indefinitely — or withdraw once they accomplish a specific goal. They often leave a back door open to access the system again in the future.
The Human Factor of APT
Because corporate cyber defenses tend to be more sophisticated than a private user's, the methods of attack often require the active involvement of someone on the inside to achieve that crucial, all-important "crowbar" moment. That doesn't mean, however, that the staff member knowingly participates in the attack. It typically involves an attacker deploying a range of social engineering techniques, such as whaling or spear phishing.
A Remaining Advanced Persistent Threat
The major danger of APT attacks is that even when they are discovered and the immediate threat appears to be gone, the hackers may have left multiple backdoors open that allow them to return when they choose. Additionally, many traditional cyber defenses, such as antivirus and firewalls, can't always protect against these types of attacks.
A combination of multiple measures, ranging from sophisticated security solutions like Kaspersky Enterprise Security to a workforce that is trained and aware of social engineering techniques, must be deployed to maximize the chance of a successful ongoing defense.