Advanced Persistent Threat: Definition, Lifecycle and Defense
An advanced persistent threat (APT) is a form of attack carried out by experts over a long stretch of time.
Unlike most of the hacking you're accustomed to facing as a small business owner, an advanced persistent threat is carried out by skilled, well-resourced attackers. Typically, these campaigns are launched by nations or nation-states. The attackers know they will never be arrested for their work, and they have all of the resources of a state behind them.
The basic concepts of advanced persistent threats aren't new. Analysts from the United States Air Force coined the term back in 2006. They were talking about attacks against one government launched by another.
But APT security has moved to the top of the to-do list for many private companies. A major attack discovered in December of 2020 targeted “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia, and the Middle East.” As a result, many security analysts realised they needed to protect their own companies against this kind of campaign.
Could You Face Advanced Persistent Threats?
A common APT target is a government agency. Large corporations are considered valuable targets too. Launching an attack takes time and resources, and attackers want a return on that investment, so they pick targets worth the effort.
But some APT attackers use a supply-chain approach. They attempt to compromise smaller companies that hold contracts with their main target. Each one they take over brings them closer to the final goal.
You might be at risk if you work for:
- Defence contractors. The data you hold is valuable, but your connection to larger agencies is even more so.
- Financial services companies. Banks, including investment banks, have valuable assets. But you could also have sensitive information that could be used in forming a bigger attack.
- Legal agencies. The information you have on your clients and competitors could be incredibly useful to APT actors.
- Utilities. Pulling down a major network, such as a telecom connection or a power grid, could be very useful in a major attack.
In essence, almost any company out there could face an attack like this at some point.
What Does an Advanced Persistent Attack Look Like?
The words "advanced" and "persistent" are critical to remember as you think about APTs. These attacks use the newest tools and techniques, and the goal is to remain inside your systems for as long as possible while extracting valuable assets.
A typical attack moves in five stages.
- Access: Phishing emails, fraudulent apps, social engineering, and infected files give attackers an opening to introduce malware.
- Settle: With the malware running, the attackers have a foothold in your systems. The goal is to remain undetected, so they go to some effort to cover their tracks.
- Stretch: Hackers search for opportunities to gain administrator rights.
- Move: Hackers tap into other servers, and they dig into deeper corners of your network.
- Persist: Hackers remain in place until they've achieved some sort of goal. Even then, they may create o