IT Security Advanced Persistent Threats
An advanced persistent threat (APT) is a broad term for an attack in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to harvest highly sensitive data.
The targets of these attacks, which are chosen and researched with great care, are typically large enterprises or government networks. The consequences of such intrusions are serious:
- Intellectual property theft, such as patents.
- Compromised sensitive information.
- Damage to critical organizational infrastructure.
- Total site takeovers.
Executing an APT attack requires far more resources than a standard web application attack. The perpetrators are usually teams of experienced cybercriminals with substantial financial backing. Some APT attacks are government-funded and used as cyber-warfare weapons.
ADVANCED PERSISTENT THREAT PROGRESSION
A successful APT attack can be broken down into three stages:
- Network infiltration,
- The expansion of the attacker’s presence and
- The extraction of amassed data.
INFILTRATION
Organizations are typically infiltrated through the compromise of one of three attack surfaces: web assets, network resources or authorized human users.
This is achieved through malicious uploads or social engineering attacks, threats that large organizations face on a regular basis.
At the same time, infiltrators may launch a DDoS attack against their target. This serves both as a smokescreen to distract network personnel and as a means of weakening the security perimeter, making it easier to breach.
Once initial access has been gained, attackers quickly install a backdoor shell: malware that grants network access and allows for remote, covert operations.
EXPANSION
Once this foothold is established, attackers move to expand their presence within the network.
This involves moving up an organization's hierarchy, compromising staff members with access to the most sensitive data. In doing so, they are able to gather critical business information.
Depending on the final goal of the attack, the collected data can be sold to a competing enterprise, altered to damage a company's product line or used to take down an entire organization.
EXTRACTION
While an APT event is ongoing, the stolen information is usually staged in a secure location inside the network under attack. Once sufficient data has been collected, the thieves need to extract it without being detected.
Typically, "white noise" tactics are used to distract the security team while the information is moved out. This might take the form of a DDoS attack, again tying up network personnel and/or weakening site defences to enable extraction.
MEASURES
Below are best-practice measures for securing your network:
- Patching network software and OS vulnerabilities as quickly as possible.
- Encrypting remote connections to stop intruders from piggy-backing on them to infiltrate your site.
- Filtering incoming email to block spam and phishing attacks targeting your network.
- Logging security events immediately, and using those logs to improve whitelists and other security policies.
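The Extraction section above describes the point at which an APT is most visible to defenders: stolen data has to leave the network, usually under cover of a distraction, and the last measure in the list is to log security events and feed them back into whitelists. The following script is an added example, not code from the original article, showing what that feedback loop looks like in practice: it reads outbound-connection logs, ignores destinations already on a whitelist, and raises an alert when a single host has pushed more than a threshold volume to a destination that is not whitelisted. The log format, host names, destination addresses, byte counts, whitelist and threshold are all constructed for illustration.

```python
"""Flag possible data exfiltration in outbound-connection logs.

Added example; the log format, hosts, destinations, whitelist and
threshold below are constructed and not taken from any real system.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <source host> <destination> <bytes sent>".
# ws-017 pushes roughly 179 MiB to an outside address late at night.
SAMPLE_LOG = """\
2024-03-01T09:00:12 ws-042 crm.internal.example 4120
2024-03-01T09:01:30 ws-042 updates.vendor.example 88000
2024-03-01T09:05:02 ws-017 crm.internal.example 3900
2024-03-01T22:14:45 ws-017 203.0.113.55 52428800
2024-03-01T22:16:10 ws-017 203.0.113.55 73400320
2024-03-01T22:20:33 ws-017 203.0.113.55 61865984
2024-03-02T08:30:00 ws-042 crm.internal.example 5000
"""

# Constructed whitelist: destinations that are expected to receive data.
ALLOWED_DESTINATIONS = {"crm.internal.example", "updates.vendor.example"}

# Constructed threshold: alert once a host has sent more than 100 MiB to a
# single destination that is not on the whitelist.
VOLUME_THRESHOLD = 100 * 1024 * 1024


@dataclass
class Connection:
    when: datetime
    host: str
    dest: str
    sent: int


def parse_log(text: str) -> list[Connection]:
    """Parse the constructed whitespace-separated format into records.

    Malformed lines are skipped rather than aborting the whole run, so one
    bad line in a large log does not hide every other event.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            records.append(Connection(datetime.fromisoformat(parts[0]),
                                      parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return records


def find_exfiltration(records: list[Connection], allowed: set[str],
                      threshold: int) -> list[dict]:
    """Aggregate bytes per (host, destination) for non-whitelisted
    destinations and return the pairs whose total exceeds the threshold,
    together with the first/last time seen and the connection count."""
    totals: dict = defaultdict(
        lambda: {"bytes": 0, "connections": 0, "first": None, "last": None})
    for r in records:
        if r.dest in allowed:
            continue  # expected traffic; nothing to review here
        entry = totals[(r.host, r.dest)]
        entry["bytes"] += r.sent
        entry["connections"] += 1
        if entry["first"] is None or r.when < entry["first"]:
            entry["first"] = r.when
        if entry["last"] is None or r.when > entry["last"]:
            entry["last"] = r.when

    alerts = []
    for (host, dest), entry in sorted(totals.items()):
        if entry["bytes"] > threshold:
            alerts.append({"host": host, "dest": dest, **entry})
    return alerts


if __name__ == "__main__":
    for a in find_exfiltration(parse_log(SAMPLE_LOG), ALLOWED_DESTINATIONS,
                               VOLUME_THRESHOLD):
        print(f"ALERT {a['host']} -> {a['dest']}: {a['bytes']} bytes over "
              f"{a['connections']} connections ({a['first']} .. {a['last']})")
```

Run on the constructed log, the script reports a single alert for ws-017 sending about 179 MiB to 203.0.113.55 in three connections. The whitelist is what makes the check useful: every time analysts confirm a destination as legitimate it goes into ALLOWED_DESTINATIONS, so the same script produces fewer false alerts the next time it runs, which is the "improve whitelists" feedback the last measure describes.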