Advanced Persistent Threat: New Threat Landscape

Definition:

IT systems now face much more complex threats that are difficult to manage. An advanced persistent threat (APT) is a type of network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. APTs combine multiple types of attack vectors, such as malware, spear phishing and social engineering. The term “advanced persistent threat” originated in the US government sector in 2006, describing a new, deceptive form of attack that targeted individuals who accessed a website infected with Trojan horse software. Various attacks have happened since that time. In 2008, there was a series of APT attacks against the oil industry. In 2011, an APT attack targeted the security firm RSA.

The purpose of an APT is a data breach rather than damage to the network. An APT is a targeted attack, usually aimed at organizations in sectors with high-value information, such as national defence, manufacturing and the financial industry. APTs use evasion techniques and can evade many antivirus barriers. APTs continue to grow globally, primarily affecting large enterprises and SMEs.

How they are different from other cyber attacks

  • APTs are customized attacks that use highly customized intrusion tools and techniques. These tools include threats, worms, viruses and zero-day attacks.
  • APTs launch multiple threats at a single time to remain undetected in targeted systems, and sometimes include a threat that tricks the target into believing that the attack has been resolved.
  • The primary goal of APTs is to remain undetected and achieve their objectives by moving slowly, which is the opposite of other types of cyber-attacks.
  • APTs are often well funded, or sponsored by a state or government responsible for launching such precise attacks, which can lead to national data breaches or a trade threat.
  • APTs usually run for a long period of time compared to other forms of cyber-attacks.
  • APT attacks have mostly been launched at defence contractors, government agencies and facilities, and manufacturers of products that are highly competitive on global markets.

Conclusion:

APT tools and techniques are more likely to be adopted by cyber criminals. Organizations need to understand APTs and the damage associated with these threats. With APTs and cyber-attacks growing, organizations are searching for new and advanced solutions based on AI and machine learning to counter these attacks.

– Sonam Chawla 
Research Analyst,
Infoholic Research