Thursday, October 6 2022

This blog is in continuation to the the part 1 blog.

APT attacks are only interested in two things :

1. Intelligence gathering – Illegal mining of information from a network

2. Data Exfiltration – Unauthorized data transmission to external locations, where it’s controlled, Encrypted under the attacker’s control.

APT can, therefore, is seen as multi-phase attacks, involving the penetration of illegal entry Into an individual or organization network and probing for valuable data, information, and other vulnerabilities. The government can also finance an APT attack or attacks. They do this when they wish to source for information from other countries and also to influence the public interest of the target country. The most amazing thing about APT is their ability to ghost themselves completely in a network without being noticed. An average APT can last months in a system while doing numerous damages to the recipient organization in stealing data and trading secrets. Advanced Persistent threats still represent an ongoing danger to organizations, government agencies, and individuals.

Simply put, APTs are often characterized by their sustained, sophisticated and their multi prolonged efforts to gain access to an organization’s networks and computers. They use advanced techniques like Anti-sandboxing, Polymorphism, and multiple stage payloads to avoid being detected.

APT Should be considered as a much higher level of threat, as it differs from other types of malicious attacks. Contrary to some malicious cyber agents that produce quick damaging attacks, APTs take stealthy and more strategic approach. Attacks infiltrate the system via malware like phishing or Trojans, after which their attack software is stealthily planted into the entire system network. This action can last months or even years before they’re detected.

This blog is in continuation to the the part 1 blog.

APT attacks are only interested in two things :

1. Intelligence gathering – Illegal mining of information from a network

2. Data Exfiltration – Unauthorized data transmission to external locations, where it’s controlled, Encrypted under the attacker’s control.

APT can, therefore, is seen as multi-phase attacks, involving the penetration of illegal entry Into an individual or organization network and probing for valuable data, information, and other vulnerabilities. The government can also finance an APT attack or attacks. They do this when they wish to source for information from other countries and also to influence the public interest of the target country. The most amazing thing about APT is their ability to ghost themselves completely in a network without being noticed. An average APT can last months in a system while doing numerous damages to the recipient organization in stealing data and trading secrets. Advanced Persistent threats still represent an ongoing danger to organizations, government agencies, and individuals.

Simply put, APTs are often characterized by their sustained, sophisticated and their multi prolonged efforts to gain access to an organization’s networks and computers. They use advanced techniques like Anti-sandboxing, Polymorphism, and multiple stage payloads to avoid being detected.

APT Should be considered as a much higher level of threat, as it differs from other types of malicious attacks. Contrary to some malicious cyber agents that produce quick damaging attacks, APTs take stealthy and more strategic approach. Attacks infiltrate the system via malware like phishing or Trojans, after which their attack software is stealthily planted into the entire system network. This action can last months or even years before they’re detected.

Advanced Persistent Threats

Perhaps defining the initials one after the other will create a better understanding of the term because each initial denotes an idea that makes up the whole.

A – Stands for Advanced. When we talk about the advanced, we’re talking about something that supersedes the normal ones. They often combine multiple targeting tools and methods to reach a targeted network or computer. And since they’re that advanced, it takes time for them to be developed, and costs a huge amount of money to produce.

P – Stands for Persistent. That is, having and being persistent on an objective or a target. Rather than seeking information from various sources, APT hackers have clear objective/specific tasks Because they’re guided by external entities.

T – Stands for Threat. Regardless of form or type, APT is always a threat to information security.

LIFE CYCLE OF AN ADVANCED PERSISTENT THREAT

The longer APT stays in a network, the more it manifests itself. Like every known organism, APT also follows a consistent life cycle to infiltrate and operate inside an organization. In targeted attacks, the APT life cycle follows a continuous process of six key phases which are:

(1) Intelligence Gathering – This cycle involves the identification and research carried out on a target using public sources ( Social media, etc.). This prepares them for an attack.

(2) Point of Entry – This means the delivery of zero-day malware using social engineering. (E.g. Emails). A backdoor is then created and information can then be siphoned away.

(3) Command & Control (C&C) Communication – This refers to the communication used throughout an attack to instruct and control the malware used.

(4) Lateral Movement – This is a cycle Where the original attack has compromised additional machines. This means that when the APT has spent a long time on the network, the hacker can control the network beyond his initial target. It means, the longer the APT stays on the network, the more it grows.

(5) Asset/Data Discovery – This involves the use of techniques to scout for servers that hold the information of interest.

(6) Data Exfiltration – This is the last stage and it involves unauthorized data transmission to external locations without leaving behind a single trace.

Please keep visiting this website to check the subsequent parts of the article.

Previous

Advanced Persistent Threats - Part 1

Next

What is cyber security?

Check Also

Widget

Don’t Miss

Cyber Deals: Spin Technology, CyberArk, Mesh Security

James Hu

Cybersecurity Venture Funding and Mergers: This week’s deals involved cloud security services, data privacy, and industrial cybersecurity companies. Funding Cloud cybersecurity firm Mesh Security has secured $4.5 million in venture funding. The round was led by Booster Ventures with participation from other investors. Spin Technology, a firm providing SaaS security solutions, raised $16 million in […]

Cyber Deals: Cybrary, Ping Identity, Axio Global

James Hu

Cybersecurity Venture Funding and Mergers: Key investments were made in cybersecurity training, secure enterprise browser, and risk management companies. M&A activity this week involved identity security, zero trust, and threat intelligence firms. Funding Cybrary, a cybersecurity training platform, raised $25 million in a Series C funding round. The round was led by BuildGroup and Gula […]

Cybrary Secures $25 Million in Series C Funding Round

James Hu

Cybrary, a Maryland-based cybersecurity training platform provider, raised $25 million in a Series C funding round. The round was led by BuildGroup and Gula Tech Adventures, two of its current investors. Following its $15 million Series B round announced in November 2019, this latest investment brings Cybrary’s total funding to date to $48 million. Cybrary […]

Cyber Deals: Exterro, Naoris Protocol, Cybit Sec

James Hu

Cybersecurity Venture Funding and Mergers: This week, notable funding and M&A activity involved compliance, enterprise security, and vulnerability assessment firms. Funding Exterro, a legal governance, risk, and compliance software provider, completed a strategic recapitalization valuing the firm at over $1 billion. The company, currently owned by Leeds Equity Partners, is targeting a potential 2023 initial […]

Cyber Deals: Halborn, Irideos, Anvilogic

James Hu

Cybersecurity Venture Funding and Mergers: This week, cybersecurity venture funding and M&A activity involved blockchain, artificial Intelligence, and SaaS solution providers. Many of these deals will also be funding the future of cloud security. Funding Halborn, a blockchain cybersecurity firm, raised $90 million in a Series A funding round led by Summit Partners with participation […]

Huntress acquires Curricula for $22 million

James Hu

Huntress, a cybersecurity firm providing a security management platform to small and medium sized businesses, has acquired Curricula, a security awareness training service provider, for $22 million. Curricula is a freemium SaaS company offering solutions for employee cybersecurity training. Their methods incorporate behavioral learning techniques and engaging storytelling to maximize employee engagement. Small and medium […]