“APT”, the acronym for Advanced Persistent Threat, indicates a type of targeted and persistent attack carried out by adversaries with considerable technical expertise and great resources.
As the “Advanced” part of the name suggests, an APT attack uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain within the system for an extended period of time with potentially destructive consequences.
However, APT is not only a type of cyber attack: the term is also used for the groups of hackers or cybercriminals who use the Advanced Persistent Threat technique against their victims.
There are several APT actors out there, all highly skilled hackers with great resources (both technological and economic) at their disposal.
The main targets
Given the level of effort required to carry out such an attack, APT attacks are generally aimed at high-value targets, such as states and large corporations, with the ultimate goal of stealing information for an extended period of time, rather than operating a simple “hit and run”.
The APT attack method should be a concern for businesses around the world, and small and medium-sized businesses are no exception.
APT attackers increasingly target small companies that belong to the supply chain of their ultimate target, using them as a springboard to reach large organizations because of their weaker defenses.
The characteristics of APT attacks
An APT attack ranks among the most difficult computer intrusions currently known to identify and eradicate.
It is known that the APT attack has two essential characteristics:
- it lasts a long time: from a few months to a few years (the longest APT attack detected so far lasted about five years).
- it is difficult to identify: even the most modern systems struggle to detect it.
It is important to make this premise because we are talking about particularly advanced attack techniques, which require the skill and ingenuity of trained, highly capable hackers.
We can say with certainty that the technologies used in APTs are accessible only to a select few cybercriminals.
An APT attack is lethal in all its forms. Its danger lies in the absolute certainty of its goal: the APT cyber attack is studied at every stage and tailored to the target to be hit.
The companies that fall victim to these attacks are carefully chosen by the hacker, and their IT infrastructure is studied for months before being breached.
In all APT cases, the motive for the crime is industrial espionage.
An evolving APT attack
The purpose of an APT attack is to gain continuous access to the system. Hackers achieve this in a series of stages.
Step one: Get Access
Hackers usually gain access through the network, an infected file, spam email, or a vulnerable application, which they use to inject malware into the target network.
Step Two: Establish a Foothold
Cybercriminals install malware that allows them to create a network of backdoors and tunnels, which they use to move through systems undetected. Techniques such as code rewriting are often used in the malware to allow the hackers to hide their tracks.
Step Three: Reach Deeper Levels
Once inside the system, hackers use techniques such as password cracking to gain administrator rights, so that they can control more of the system and reach even higher levels of access.
Step Four: Lateral Movement
Once deeper into the system and in possession of administrator rights, hackers can move around as they please. They may also attempt to reach other servers and other protected parts of the network.
Step Five: Watch, Learn, and Stay
From inside the system, hackers are able to fully understand how it works, learn its vulnerabilities, and gather all the information they want.
Attackers can keep this process going indefinitely, or withdraw after reaching a specific goal. They often leave a door open so that they can get back into the system in the future.
APT and the human factor
As corporate cyber defenses tend to be more sophisticated than those of home users, attack methods often require the active involvement of someone within the organization in order to actually reach the part of the system the attackers are interested in.
This does not mean that any of the staff knowingly participate in the attack, but rather that attackers often employ social engineering techniques, such as whaling and spear phishing.
A threat that remains
The worst danger of APT attacks is that, even when they are discovered and the immediate threat seems to have vanished, the hackers may have left several backdoors open that allow them to return whenever they want.
In addition, many traditional cyber defenses, such as antivirus and firewalls, are not always able to protect systems from these types of attacks.
An effective ongoing defense requires a combination of measures, ranging from sophisticated security solutions to a workforce trained to recognize social engineering.
The prevention tools against APT
It is extremely difficult to identify an APT attack in progress. However, it is possible to keep protecting the health of the corporate IT network by applying various precautions.
The main tool for preventing APT attacks is the Vulnerability Assessment.
The vulnerability test or Vulnerability Assessment is the fundamental tool for understanding the health status of an IT system.
The Vulnerability Assessment activity acts as an alarm bell: it allows a quick check-up and a quick overview of the entire IT system, indicating which vulnerabilities are present in the company's IT infrastructure.
Since known vulnerabilities are considered the first entry point of the APT hacker, finding and remedying them is a good first step in defending against these attacks.
The Vulnerability Assessment should normally be performed at least once a year.