Getting Back to the Real Meaning of “Advanced Persistent Threat”
-
Upload
david-hunt -
Category
Technology
-
view
1.257 -
download
0
Transcript of Getting Back to the Real Meaning of “Advanced Persistent Threat”
The time has come for the
cybersecurity world to remember
the true meaning of APTs and
understand the level of danger they
pose to companies today.
The basic definition of APTs isn’t specific enough.
Knowing the steps attackers take when launching
an attack and the difference between APTs and
targeted attacks is enough to set the story straight.
VS APTs TARGETED ATTACKS
APTs are often improperly
categorized because of their
seemingly vague definition.
At its most basic level, an APT is
a category of threats where
cyber attackers thoroughly and
aggressively pursue and
compromise a target.
All APTs
Targeted Attacks
All APTs can be considered
targeted attacks.
Targeted Attacks
APTs
However, companies run into
problems in thinking that all
targeted attacks are APTs—
it’s simply not true.
Customized Tools and Techniques
Unlike widespread and generic
targeted attacks, APTs include
zero-day exploits, rootkits and
other tools that are designed for a
specific attack.
APTs attempt to move slowly
and stay under the radar for a
long time until the mission is
finished.
Mainstream cyber attackers often go
for “the quick score." They get in and
out as quickly as possible to obtain
some valuable data.
The Long Con
High Expectations APTs are often used to carry out
covert state actions, targeting
military, political or economic data.
They aren’t perpetrated by a
singular attacker; rather, groups
using APTs can be well staffed and
funded, and operate with high
levels of intelligence.
One Specific GoalOrganizations executing APTs go
into a project with an objective that
they relentlessly pursue. These
groups know exactly what their
goals are - and won’t stop until
they’ve been attained.
According to Mandiant*, while different attacker
groups may modify the APT roadmap, these are the 7
steps attackers go through for an APT attack.
*Data Source: Mandiantm - The Advanced Persistent Threat
1 2 3 4 5 6 7Initial Compromise
Attackers compromise an
individual connected to the target
network, often with a spear
phishing attack, to begin the
malware delivery for an APT attack.
https://dl.mandiant.com/EE/assets/PDF_MTrends_2010.
1 2 3 4 5 6 7 Establish a Foothold
A backdoor is implemented to
ensure that the threat group is
able to access and control at
least one computer in the
target network.
1 2 3 4 5 6 7
Escalate Privileges
User credentials are
compromised in succession to
gain authorized increasing
access to network resources.
Click below to get our guide about the differences
between honeypots and deception tech...
Coffee Break!
1 2 3 4 5 6 7
Internal Recon
The attackers collect
information about the network
and learn where the valuable
information is stored.
1 2 3 4 5 6 7Move Laterally
With the newly acquired
credentials, attackers can move
through the network of
computers until they reach
their end goal.
1 2 3 4 5 6 7Maintain Presence in the Network
Whether it’s through
additional backdoors or valid
PKI and VPN credentials,
attackers make sure they have
continuous access to the
victim network.
1 2 3 4 5 6 7
Complete the Mission
When attackers make their way
to the valuable data, they
compress it and find a way to
remove it from the network undetected.
www.illusivenetworks.com
You've earned a donut to go with your coffee. Now you understand the
steps attackers take when launching an attack and the difference
between APTs and targeted attacks.
Success!
Learn More AboutAttacker ViewTM Technology Click Here