Advanced Persistent Threats – Attack and Defence
Advanced Persistent Threats (APT) was originally coined while nations were involved in cyber-espionage. These techniques are used by cyber-criminals to steal data for monetary gains. Unlike other threats, these threats are advanced, often targeted, persistent in nature, and evasive too. APTs target particular organizations unlike other usually found malwares, which sweep down random millions of boxes. The sole intention here is to gain monetary benefit by causing damage to cyber infrastructure. This story would focus on nature of APTs; the methodology involved in performing APT based attacks and covers the possible defenses against the threats.
Business ranging from small to corporates face this growing problem. To come up with a fence to the organization constant vigilance, employee awareness, and security policies aligned with the nature of APTs is necessary. Even if the defense is breached after putting in best efforts, a remediation plan needs to be kept handy to address the situation. The attacks need high level of skill sets and expertise to execute, which just wait for the right opportunity to trigger. These are new, customized in order to breach the best of security fencing. Hardening the perimeters and servers will reduce the spread of evil code. Maintaining and scrutinizing the logs will allow early detection of threat and gives that extra time needed to address the situation.
The APT Life cycle covers 6 phases as enumerated below. (As reported by Michael Cobb)
- Phase 1: Reconnaissance
- Phase 2: Spear phishing attacks
- Phase 3: Establish Presence
- Phase 4: Exploration and Pivoting
- Phase 5: Data Extraction
- Phase 6: Maintaining Persistence
Read the complete article here: InfosecInstitute