Introduction - Advanced Persistent Threat (APT)
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization. APT attacks target organizations in sectors with high-value information, such as national defence, manufacturing and the financial industry.
An APT attacker often uses spear phishing, a type of social engineering, to gain access to the network through legitimate means. Once access has been achieved, the attacker establishes a back door. The next step is to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. The back doors allow the attacker to install bogus utilities and create a “ghost infrastructure” for distributing malware that remains hidden in plain sight.
First warnings against targeted, socially engineered emails dropping trojans to exfiltrate sensitive information were published by UK and US CERT organisations in 2005, although the name “APT” was not used. The term “advanced persistent threat” is widely cited as originating from the United States Air Force in 2006, with Colonel Greg Rattray frequently cited as the individual who coined the term. The Stuxnet computer worm, which targeted the computer hardware of Iran’s nuclear program, is one example.
● Defence and Combat Against APT
While there is reason to believe that most businesses will be targeted by APTs, simple defence strategies will go a long way towards preparing businesses for APTs and reducing the risk, according to IT security professionals: having a vulnerability management system in place, keeping security patches up to date, and continually testing the security posture of the IT infrastructure. No single layer of fraud prevention or authentication is enough to stop determined fraudsters. Multiple layers must be employed to defend against today’s attacks and those that have yet to appear. The final line of defence is the people in the organisation, the most valuable asset a business has.
As APTs may exploit known or unknown vulnerabilities and may propagate using a number of different methods, security companies urge businesses to improve their ability to correlate the various signals that, taken together, may indicate an APT.
Numerous sources have alleged that some APT groups are affiliated with, or are agents of, nation-states. Businesses holding a large quantity of personally identifiable information are at high risk of being targeted by advanced persistent threats. Although APT attacks are difficult to identify, the theft of data can never be completely invisible. Detecting anomalies in outbound data is perhaps the best way for an administrator to discover that their network has been the target of an APT attack.