Advanced persistent threat (APT) made headlines when it hit big names such as Sony, Symantec and RSA. APT is a stream of cyber crime that focuses on specific entities, and that focus is what sets it apart from other types of attacks.
APT attacks are aimed at specific targets, not at whatever target happens to be available. Attackers choose their targets for a reason: some act for social or political causes, some have a particular grievance and others are after money.
If the attacker's objective is money, they go after the weak systems. If your system is stronger than the others, you may well survive the wave of attacks. Other attackers want to build a network of computers they can control, use it as a botnet and make money from it. If your network is strong enough, you do not have to worry too much about conventional attackers who are after money by any means: as long as you are more secure than most of your peers, they will go after the less secure ones.
Now let us look at attacks that have a specific target. These attacks are quite different from conventional hacking. They are focused on you or me as individuals, on a business or on a government entity. The motives vary: defamation, information leakage, money, competition, cyber war, cyber terrorism, economics and many more.
Against APT attacks it is not enough to be the best among your peers. You need to be on par with the attackers. The attackers behind this kind of campaign are often well organized and well funded, and they have skilled people with plenty of time and patience to carry out the attack. So in reality APT is the real test of your security. In most cases an APT campaign takes anywhere from weeks to many months to succeed.
How does a typical Advanced Persistent Threat attack work
Advanced: In most APT attacks, the attackers use the full spectrum of intrusion tools and techniques. They use common tools and build extensions on top of them as required to make them more capable. The malware can be built to trigger on a specific target pattern, as Stuxnet did when it looked for particular Siemens PLC configurations, or it can be driven interactively by a remote operator through a command-and-control channel.
Persistent: As discussed above, these attackers have a lot more patience and may not be looking for immediate financial gain. The attack is conducted through continuous monitoring and interaction in order to achieve the defined objectives. That does not mean a barrage of constant attacks and malware updates; in fact a "low-and-slow" approach is usually more successful. For example, a single SQL injection request from one IP address every 10 minutes may not be noticed or blocked by an IPS that alerts on request rate. The attack might take a week to complete, but the attacker is willing to spend that time.
Threat: The attackers have specific objectives, and they combine technology with human ingenuity to exploit the vulnerabilities.
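The low-and-slow SQL injection case above is a detection problem as much as a prevention one. The following Python script is an added example, not code from the original post: it scans a constructed access log for injection indicators and applies the same sliding-window counting rule twice, once with the one-minute window a rate-based IPS signature typically uses and once with a 24-hour window. The log lines, IP addresses, thresholds and indicator patterns are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed sample access log (combined format, fabricated for this example;
# the IPs come from documentation ranges). 203.0.113.7 sends one injection
# attempt roughly every ten minutes; 198.51.100.4 sends a single probe.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:08:00:01 +0000] "GET /items?id=5 HTTP/1.1" 200 512
198.51.100.4 - - [10/Mar/2024:08:00:45 +0000] "GET /items?id=7 HTTP/1.1" 200 498
203.0.113.7 - - [10/Mar/2024:08:10:03 +0000] "GET /items?id=5%27 HTTP/1.1" 500 87
203.0.113.7 - - [10/Mar/2024:08:20:11 +0000] "GET /items?id=5%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 512
198.51.100.4 - - [10/Mar/2024:08:25:00 +0000] "GET /items?id=7%27%20OR%201%3D1-- HTTP/1.1" 200 4090
203.0.113.7 - - [10/Mar/2024:08:30:40 +0000] "GET /items?id=5%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2024:08:41:02 +0000] "GET /items?id=5%20UNION%20SELECT%20NULL,NULL-- HTTP/1.1" 500 87
203.0.113.7 - - [10/Mar/2024:08:51:19 +0000] "GET /items?id=5%20UNION%20SELECT%20table_name,NULL%20FROM%20information_schema.tables-- HTTP/1.1" 200 2048
203.0.113.7 - - [10/Mar/2024:09:02:33 +0000] "GET /items?id=5%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048
203.0.113.7 - - [10/Mar/2024:09:12:00 +0000] "GET /items?id=6 HTTP/1.1" 200 515
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Indicator patterns applied to the URL-decoded query string (illustrative, not
# a complete signature set).
SQLI_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"'\s*(or|and)\s+",                  # ' OR ... / ' AND ... boolean probes
    r"\bunion\b\s+(all\s+)?\bselect\b",  # UNION SELECT
    r"\b(sleep|benchmark|pg_sleep)\s*\(",  # time-based blind injection
    r"\binformation_schema\b",           # schema enumeration
    r"(--|#|/\*)\s*$",                   # trailing comment terminator
    r"'\s*$",                            # lone trailing quote (syntax-error probe)
)]


def parse_log(text):
    """Yield (ip, timestamp, decoded query string) for each well-formed line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        query = unquote_plus(m["path"]).partition("?")[2]
        yield m["ip"], ts, query


def is_sqli(query):
    """True if any indicator pattern matches the decoded query string."""
    return any(p.search(query) for p in SQLI_PATTERNS)


def sliding_window_alerts(events, threshold, window):
    """Return the set of IPs with at least `threshold` events in any span of `window`.

    events: iterable of (ip, datetime). This is the rule a rate-based signature
    applies; only the window length differs between the two callers below.
    """
    by_ip = defaultdict(list)
    for ip, ts in events:
        by_ip[ip].append(ts)
    alerted = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                alerted.add(ip)
                break
    return alerted


def analyze(text, threshold=5):
    """Count injection attempts per source and run both window sizes over them."""
    events = [(ip, ts) for ip, ts, q in parse_log(text) if is_sqli(q)]
    counts = defaultdict(int)
    for ip, _ in events:
        counts[ip] += 1
    return {
        "sqli_counts": dict(counts),
        "burst_alerts": sliding_window_alerts(events, threshold, timedelta(minutes=1)),
        "slow_alerts": sliding_window_alerts(events, threshold, timedelta(days=1)),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print("injection attempts per source:", result["sqli_counts"])
    print("1-minute rate rule alerts:", result["burst_alerts"] or "none")
    print("24-hour rule alerts:", result["slow_alerts"] or "none")
```

Running it shows the one-minute rule never fires, because no two attempts fall within a minute of each other, while the 24-hour rule flags 203.0.113.7; the single probe from 198.51.100.4 stays below the threshold in both. Counting indicator matches rather than raw request rate, and keeping per-source state for days rather than seconds, is the change that catches this kind of campaign.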
How are you going to protect yourself from APT? If your computing infrastructure is highly secure, well and good. But what about your people? Your CEO, his or her personal assistant? The personal computers at the CEO's home or the personal assistant's home, from which they reach office systems such as email or the VPN? Yes, that is APT territory too.
Share your thoughts and, if possible, any experiences. I am keen to know the threat scenarios you have faced and how you have mitigated those APT attacks.