July 21, 2019
Understanding and Preventing Advanced Persistent Threats (APTs)
Advanced Persistent Threats (APTs) are a newer class of threat that grew out of standard hacking techniques. An APT is composed of multiple attacks, infiltrations, and malware installations across one or many organizations. They are often large in scope and contain many moving parts. This section explores the structure of APTs, famous examples, and methods for preventing APTs within your organization.

An Advanced Persistent Threat, or APT, is a special type of cybersecurity attack that aims to sustain undetected, unauthorized access for long periods of time. APTs often operate through multiple attack vectors and can be complex, multi-headed, and grand in scope. Whatever their shape, the ultimate goal is to maintain covert access for as long as possible. Because each of these threats is inherently unique, it is important to understand the underlying structure of APTs, the examples frequently found in the real world, and the organizational techniques for preparing against them.

The main difference between an APT and a normal cybersecurity attack is complexity. A normal exfiltration attack, such as those carried out during penetration testing, is designed to accomplish its purpose and then remove all traces of infiltration. An APT may combine multiple such attacks, entrenchment, the installation of malware and spyware, and other techniques employed on a large scale. In many cases, the goal is to collect large amounts of personally identifying information. Financial institutions, educational institutions, and government organizations are often primary targets for information-gathering through APTs.

What are some examples of Advanced Persistent Threats in the real world? The most famous is likely Stuxnet, a computer worm designed to target industrial control systems. Specifically, Stuxnet was designed to monitor and damage Iran's nuclear energy program. The program was successful in its initial mission, but an accidental update caused the worm to leave an engineer's computer and reach the internet. Another famous example is GhostNet, a widely distributed surveillance operation that operates primarily from the People's Republic of China. GhostNet's reach has extended to high-priority targets in many countries, and it has been used in the past to further national interests. In both cases, the APT is designed to handle many targets and maintain a constant, covert presence within multiple organizations at once.

APTs can be prevented in much the same way as many other cybersecurity threats. The first line of defense is prevention; after that, detection and removal are the next steps in securing your organization. Network monitoring for unusual communications, spikes in network traffic, and unauthorized hosts can be crucial in stopping an APT before it develops. Another sign of an APT is a specialized spear phishing campaign. Spear phishing involves collecting information on the phishing recipients, and the campaign itself may reveal that information held within the organization has already been breached. In that case, an APT may be targeting the organization. Removing a heavily entrenched APT can be extremely difficult, so it is best practice to detect and prevent these attacks early on.

High-profile targets require advanced cybersecurity techniques, and Advanced Persistent Threats are the kind of attack they face. Organizations that hold large amounts of personally identifying information are the greatest targets for APTs. These threats may entail entrenched spyware at multiple points of access, inactive monitoring software installed for later use, persistent exfiltration of personal data from many sources, and other multi-tiered versions of standard attacks. Preventing APTs is a matter of good timing and vigilance. The best defense is to prevent APTs through consistent network monitoring, and to eliminate existing ones through early detection. Each case is unique; therefore, APTs require time and resources to detect, remove, and prevent.
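The three network-monitoring signals named above (unauthorized hosts, spikes in traffic, and unusual communications such as regular check-ins to one outside address) can be checked mechanically against flow records. The following is an added example, not code from the original article; it assumes flow records as (timestamp in seconds, source, destination, bytes) tuples, a hypothetical asset inventory, and uses constructed sample data with one planted beacon, one oversized transfer, and one unknown host.

```python
from collections import defaultdict
from statistics import mean, median, pstdev

# Constructed flow records (assumed format: timestamp_s, src, dst, bytes sent).
# Not real traffic: a 300 s beacon, a 5 MB transfer and an unknown host are planted.
FLOWS = [
    (0, "10.0.0.7", "203.0.113.10", 512), (15, "10.0.0.5", "10.0.0.2", 2000),
    (130, "10.0.0.5", "10.0.0.2", 1800), (250, "10.0.0.5", "10.0.0.2", 2200),
    (300, "10.0.0.7", "203.0.113.10", 512), (410, "10.0.0.5", "10.0.0.2", 2100),
    (500, "10.0.0.99", "10.0.0.2", 100), (600, "10.0.0.7", "203.0.113.10", 512),
    (700, "10.0.0.5", "10.0.0.2", 1900), (900, "10.0.0.7", "203.0.113.10", 512),
    (1000, "10.0.0.5", "203.0.113.50", 5_000_000), (1200, "10.0.0.7", "203.0.113.10", 512),
]
KNOWN_HOSTS = {"10.0.0.2", "10.0.0.5", "10.0.0.7"}  # hypothetical asset inventory

def unauthorized_hosts(flows, known=KNOWN_HOSTS):
    """Sources seen on the network that are not in the asset inventory."""
    return sorted({src for _, src, _, _ in flows if src not in known})

def traffic_spikes(flows, window=300, k=5.0):
    """Windows whose byte total exceeds median + k*MAD of all windows.
    Median/MAD is used instead of mean/stdev so the spike cannot inflate its own baseline."""
    per_window = defaultdict(int)
    for ts, _, _, nbytes in flows:
        per_window[(ts // window) * window] += nbytes
    totals = list(per_window.values())
    med = median(totals)
    mad = median(abs(t - med) for t in totals)
    return sorted(w for w, t in per_window.items() if t > med + k * mad)

def beacons(flows, min_count=4, max_jitter=0.2):
    """(src, dst) pairs contacted at near-constant intervals, the check-in pattern
    of covert remote access; returns each pair with its rounded interval in seconds."""
    times = defaultdict(list)
    for ts, src, dst, _ in flows:
        times[(src, dst)].append(ts)
    hits = []
    for pair, ts in times.items():
        if len(ts) < min_count:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((pair, round(avg)))
    return hits

if __name__ == "__main__":
    print("unknown hosts:", unauthorized_hosts(FLOWS))
    print("spike windows:", traffic_spikes(FLOWS))
    print("beacons:", beacons(FLOWS))
```

On real flow data the same functions run over a sliding history rather than a fixed list, and the inventory and thresholds come from the organization's own baseline.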