
The APT Series Part 1 'What is an Advanced Persistent Threat? '

on Thursday, 26 September 2019. Posted in Cyber


APT groups are an enduring threat to every nation state across the world. Their patterns of life and attack behaviour are constantly evolving and closely follow the interests of their state backers.

In this series we are going to explore what an APT is, what an APT group is and the difference between the two, before focusing on a specific APT group and its tactics, techniques and procedures (TTPs).

Why do APT groups exist?

APT groups exist because nation states and criminal groups pursue a doctrine of stronger economic or political influence under the broad banner of global cyber warfare. To the defending organisations and agencies, this doctrine generally presents in one of three ways: espionage, sabotage or theft. Because the targets are privatised critical national infrastructure and services (e.g. power and utilities, communications, smart cities, finance, transport, cloud), the conflict takes place with commercial entities being both targets and collateral damage.

So…what is an APT?

Advanced – Operators have a large spectrum of techniques and technologies at their disposal. The individual component attacks of an APT may not in themselves be considered advanced (for example, using malware generated from parts of a do-it-yourself kit or bought exploits). However, combining the following factors makes the threat very advanced:

  • The behaviour of combining attack vectors and methodologies to attack and compromise targets
  • The ability to re-write code or develop tools from scratch where pre-made tools lack the required capability
  • An ability in the realm of operational security that delineates the APT from ‘less advanced’ threats.

Persistent – Threat actors move more towards the “low and slow” persistent approach to attacks, and if the connection to the target is lost, the operator will make attempts to reconnect. This is not the opportunistic ‘hit and run’ tactic used by less persistent methods and groups.
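From the defender's side, the reconnect behaviour described above shows up as near-periodic connections from one host to one destination. The following Python is an added example, not code from the original post: it parses a few constructed proxy log lines (a hypothetical `src=… dst=… status=…` format) and flags source/destination pairs whose connection intervals are almost constant, which is how a "low and slow" check-in differs from bursty human browsing.

```python
import re
from datetime import datetime
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log (not from the original post). The 10.0.0.5 -> 203.0.113.10
# sessions recur roughly hourly, including one failed check-in (503) followed by a
# reconnect; the 10.0.0.7 sessions are irregular, like ordinary browsing.
SAMPLE_LOG = """\
2019-09-26T08:00:03Z src=10.0.0.5 dst=203.0.113.10 status=200
2019-09-26T08:02:11Z src=10.0.0.7 dst=198.51.100.20 status=200
2019-09-26T09:00:05Z src=10.0.0.5 dst=203.0.113.10 status=200
2019-09-26T09:41:50Z src=10.0.0.7 dst=198.51.100.20 status=200
2019-09-26T10:00:04Z src=10.0.0.5 dst=203.0.113.10 status=503
2019-09-26T11:00:06Z src=10.0.0.5 dst=203.0.113.10 status=200
2019-09-26T11:50:12Z src=10.0.0.7 dst=198.51.100.20 status=200
2019-09-26T12:00:02Z src=10.0.0.5 dst=203.0.113.10 status=200
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) status=(\d+)$")

def parse_log(text):
    """Return {(src, dst): [datetime, ...]} for every well-formed line."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole sweep
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        sessions[(m.group(2), m.group(3))].append(ts)
    return sessions

def find_beacons(text, min_hits=4, max_jitter=0.1):
    """Flag (src, dst) pairs whose gaps between connections are nearly constant.

    max_jitter bounds the coefficient of variation (stdev / mean) of the gaps.
    Returns {(src, dst): mean_gap_seconds} for the flagged pairs.
    """
    flagged = {}
    for pair, times in parse_log(text).items():
        times.sort()
        if len(times) < min_hits:
            continue  # too few connections to judge regularity
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[pair] = round(avg)
    return flagged
```

Tune `min_hits` and `max_jitter` to your own environment; a real implant may add random jitter to its interval, so this check is one signal to correlate with others, not proof on its own.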

Threat – APTs pose a real threat in their capability, potential power and intent. The fact that APT attacks are orchestrated and executed by skilled, motivated, well-funded and organised humans rather than mindless automation makes this an ultimate threat.

So, in summary, an Advanced Persistent Threat (APT) is a prolonged and targeted cyberattack. The key to this form of attack is to remain undetected for a period of time, to utilise elements of the cyber kill chain (seen in fig 1) to enumerate the network, isolate targets of interest and weaponise gathered information, and to follow the APT lifecycle (seen in fig 2) to create an attack structure with customised elements based on the target of interest and the end goal.

APT groups use this method of attack and are for the most part state sponsored, with each group being assigned a designation number and, in some cases, a defining name to differentiate the groups based on their geographic association and TTPs. State sponsors tend to provide intelligence and funding to accomplish attacks on infrastructure, electrical, social media, electoral and other political targets to destabilise enemies, or to provide another method of attack to support allies. However, in some cases APTs can be sponsored by criminal organisations to gain information and carry out criminal acts for financial gain (even the bad guys need to keep the lights on!). Whatever the motivation or attacker, they will have a significant impact on an organisation, and so the cyber strategy needs to protect against APTs.
