If there’s one thing that keeps corporate cybersecurity professionals awake at night, it’s the thought of an attack employing a range of sophisticated techniques designed to steal the company’s valuable information.
As the name “advanced” suggests, an advanced persistent threat (APT) uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period, with potentially destructive consequences.
The Prime Targets of Advanced Persistent Threats
Because of the level of effort needed to carry out such an attack, APTs are usually leveled at high-value targets, such as nation-states and large corporations, with the ultimate goal of stealing information over a long period, rather than simply “dipping in” and leaving quickly, as many black hat hackers do during lower-level cyber assaults.
Although APTs are most often aimed at large, high-value targets, this does not mean that small and medium-sized businesses can ignore this type of attack; it should be on the radar of businesses everywhere.
APT attackers are increasingly using smaller companies that make up the supply chain of their ultimate target as a way of gaining access to large organizations. They use such companies, which are typically less well-defended, as stepping-stones.
Five Stages of an Evolving Advanced Persistent Attack
The whole purpose of an APT attack is to gain ongoing access to the system. Hackers achieve this in a series of five stages.
- Stage One: Gain Access
- Stage Two: Establish a Foothold
- Stage Three: Deepen Access
- Stage Four: Move Laterally
- Stage Five: Look, Learn, and Remain
Stage One: Gain Access
Like a burglar forcing open a door with a crowbar, cybercriminals usually gain entry through a network, an infected file, junk email, or an app vulnerability to insert malware into a target network.
Stage Two: Establish a Foothold
Cybercriminals implant malware that allows the creation of a network of backdoors and tunnels used to move around in systems undetected. The malware often employs techniques such as rewriting its own code to help hackers cover their tracks.
Stage Three: Deepen Access
Once inside, hackers use techniques such as password cracking to gain access to administrator rights so they can control more of the system and get even greater levels of access.
Stage Four: Move Laterally
Deeper inside the system with administrator rights, hackers can move around at will. They can also attempt to access other servers and other secure parts of the network.
Stage Five: Look, Learn, and Remain
From inside the system, hackers gain a full understanding of how it works and its vulnerabilities, allowing them to harvest the information they want at will.
Hackers can attempt to keep this process running — possibly indefinitely — or withdraw once they accomplish a specific goal. They often leave a back door open to access the system again in the future.
The Human Factor of APT
Because corporate cyber defenses tend to be more sophisticated than a private user’s, the methods of attack often require the active involvement of someone on the inside to achieve that crucial, all-important “crowbar” moment. That doesn’t mean, however, that the staff member knowingly participates in the attack. It typically involves an attacker deploying a range of social engineering techniques, such as whaling or spear phishing.
A Remaining Advanced Persistent Threat
The major danger of APT attacks is that even when they are discovered and the immediate threat appears to be gone, the hackers may have left multiple backdoors open that allow them to return whenever they choose. Additionally, many traditional cyber defenses, such as antivirus and firewalls, cannot always protect against these types of attacks.
How Do You Prevent an APT?
This is a loaded question. When organizations detect gaps in their security, they intuitively deploy a standalone product to fill that void. A solution filled with standalone products, however, will continue to have inherent gaps.
To avoid these security gaps, organizations need to take a holistic approach. This requires a multilayered solution, ranging from integrated security products to a workforce that is trained and aware of social engineering techniques, to maximize the chance of a successful ongoing defense. Deploying a portfolio of products that work together seamlessly is the best way to enhance security.
Conclusion
The bitter truth is that no organization with a footprint on the internet is beyond the reach of an APT. Know this and know peace. As much as you can, strive to do what is needed.