Wednesday, May 18 2022

This blog is in continuation to the the part 1 blog.

APT attacks are only interested in two things :

1. Intelligence gathering – Illegal mining of information from a network

2. Data Exfiltration – Unauthorized data transmission to external locations, where it’s controlled, Encrypted under the attacker’s control.

APT can, therefore, is seen as multi-phase attacks, involving the penetration of illegal entry Into an individual or organization network and probing for valuable data, information, and other vulnerabilities. The government can also finance an APT attack or attacks. They do this when they wish to source for information from other countries and also to influence the public interest of the target country. The most amazing thing about APT is their ability to ghost themselves completely in a network without being noticed. An average APT can last months in a system while doing numerous damages to the recipient organization in stealing data and trading secrets. Advanced Persistent threats still represent an ongoing danger to organizations, government agencies, and individuals.

Simply put, APTs are often characterized by their sustained, sophisticated and their multi prolonged efforts to gain access to an organization’s networks and computers. They use advanced techniques like Anti-sandboxing, Polymorphism, and multiple stage payloads to avoid being detected.

APT Should be considered as a much higher level of threat, as it differs from other types of malicious attacks. Contrary to some malicious cyber agents that produce quick damaging attacks, APTs take stealthy and more strategic approach. Attacks infiltrate the system via malware like phishing or Trojans, after which their attack software is stealthily planted into the entire system network. This action can last months or even years before they’re detected.

This blog is in continuation to the the part 1 blog.

APT attacks are only interested in two things :

1. Intelligence gathering – Illegal mining of information from a network

2. Data Exfiltration – Unauthorized data transmission to external locations, where it’s controlled, Encrypted under the attacker’s control.

APT can, therefore, is seen as multi-phase attacks, involving the penetration of illegal entry Into an individual or organization network and probing for valuable data, information, and other vulnerabilities. The government can also finance an APT attack or attacks. They do this when they wish to source for information from other countries and also to influence the public interest of the target country. The most amazing thing about APT is their ability to ghost themselves completely in a network without being noticed. An average APT can last months in a system while doing numerous damages to the recipient organization in stealing data and trading secrets. Advanced Persistent threats still represent an ongoing danger to organizations, government agencies, and individuals.

Simply put, APTs are often characterized by their sustained, sophisticated and their multi prolonged efforts to gain access to an organization’s networks and computers. They use advanced techniques like Anti-sandboxing, Polymorphism, and multiple stage payloads to avoid being detected.

APT Should be considered as a much higher level of threat, as it differs from other types of malicious attacks. Contrary to some malicious cyber agents that produce quick damaging attacks, APTs take stealthy and more strategic approach. Attacks infiltrate the system via malware like phishing or Trojans, after which their attack software is stealthily planted into the entire system network. This action can last months or even years before they’re detected.

Advanced Persistent Threats

Perhaps defining the initials one after the other will create a better understanding of the term because each initial denotes an idea that makes up the whole.

A – Stands for Advanced. When we talk about the advanced, we’re talking about something that supersedes the normal ones. They often combine multiple targeting tools and methods to reach a targeted network or computer. And since they’re that advanced, it takes time for them to be developed, and costs a huge amount of money to produce.

P – Stands for Persistent. That is, having and being persistent on an objective or a target. Rather than seeking information from various sources, APT hackers have clear objective/specific tasks Because they’re guided by external entities.

T – Stands for Threat. Regardless of form or type, APT is always a threat to information security.

LIFE CYCLE OF AN ADVANCED PERSISTENT THREAT

The longer APT stays in a network, the more it manifests itself. Like every known organism, APT also follows a consistent life cycle to infiltrate and operate inside an organization. In targeted attacks, the APT life cycle follows a continuous process of six key phases which are:

(1) Intelligence Gathering – This cycle involves the identification and research carried out on a target using public sources ( Social media, etc.). This prepares them for an attack.

(2) Point of Entry – This means the delivery of zero-day malware using social engineering. (E.g. Emails). A backdoor is then created and information can then be siphoned away.

(3) Command & Control (C&C) Communication – This refers to the communication used throughout an attack to instruct and control the malware used.

(4) Lateral Movement – This is a cycle Where the original attack has compromised additional machines. This means that when the APT has spent a long time on the network, the hacker can control the network beyond his initial target. It means, the longer the APT stays on the network, the more it grows.

(5) Asset/Data Discovery – This involves the use of techniques to scout for servers that hold the information of interest.

(6) Data Exfiltration – This is the last stage and it involves unauthorized data transmission to external locations without leaving behind a single trace.

Please keep visiting this website to check the subsequent parts of the article.

Previous

Advanced Persistent Threats - Part 1

Next

What is cyber security?

Check Also

Widget

Don’t Miss

Cyber Deals: Datadog, AutoRABIT, Teleport, YL Ventures

Corey Campbell

CYBERSECURITY VENTURE FUNDING AND MERGERS: This week’s largest venture rounds INVOLVED Identity and Access Management, email security, and API security. Observability and managed security TOOLS REMAIN STRONG TARGETS FOR STRATEGIC BUYERS. Funding SaaS observability company Observe, Inc. has secured $70 million in a series A-2 funding round with participation from Sutter Hill Ventures (SVH), Capital […]

Abnormal Security Raises $210M in Series C Funding Round

SecureDisruptions

Abnormal Security, the leading AI-based cloud-native email security platform, announced today the close of a $210 million Series C round of financing led by global software investor Insight Partners, with participation from Greylock Partners and Menlo Ventures. With this round, the 4-year-old company is now valued at $4 billion. The move to hybrid work fueled […]

Datadog to Acquire Hdiv Security

SecureDisruptions

Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications, today announced it has entered into a definitive agreement to acquire Hdiv Security, a leading security-testing software provider. The addition of Hdiv Security’s capabilities to Datadog’s Cloud Security Platform will enable a more comprehensive approach to application security. Hdiv Security’s product monitors application behavior to […]

Traceable AI Raises $60 Million IN Series B Funding Round

SecureDisruptions

Traceable AI, the API security & observability company, today announced it has raised $60 million in Series B funding. This new funding values Traceable AI at more than $450 million. This investment round was led by Institutional Venture Partners (IVP), and other investors include Tiger Global Management and existing investors Unusual Ventures and BIG Labs. Traceable AI plans to […]

Network Perception Secures $13 Million in Series A Funding Round

SecureDisruptions

Network Perception, innovators of operational technology (OT) solutions which protect mission-critical assets, announced today that it has raised $13 million in Series A financing. The funding round was led by The Westly Group with participation from Energy Impact Partners and other existing investors, including Serra Ventures, Okapi Venture Capital, Energy Foundry and SaaS Venture Capital. […]

Cyber Executive Moves: Accenture, CISA, Shift5

Julia Bischoff

The CISA and Department of Energy gain new cybersecurity veterans. CISOs Connect names a new president. Information technology management company Accenture appointed Paolo Dal Cin as global head of Accenture Security and as a member of Accenture’s Global Management Committee. Dal Cin has been with the company since 2003 and most recently led security teams […]