What are Advanced Persistent Threats (APTs)?

The most recent example of an APT is the SolarWinds hack, which is affecting many large companies and most Federal agencies. The hack was going on for 6 months in 10,000+ companies before it was discovered!

An Advanced Persistent Threat (APT) is a deliberate, small-scale, slow-paced attack that infiltrates a network to steal data. It is not designed to cause damage or shut down the network, which is why it is difficult to detect. Signature-based detection systems do not see enough activity to identify the APT (Friedberg, 2015). If an organization keeps excellent logs, it is easier to determine what the threat is and how long it has been in place (Auty, 2015).

APTs are aimed at intellectual property and database contents. It is difficult for Americans to imagine because of our culture, but nations where everything belongs to the government and is shared have a completely different view of intellectual property (IP) rights. In some of these nations it is considered a great business decision to spend $500 thousand on a team of full-time hackers to steal IP worth $2 million (Auty, 2015).

In order to mitigate an APT attack, the organization must have a very well-defined baseline of normal traffic patterns on its network. Then, with constant analysis to flag any abnormal activity, you can spot an attack more easily and more quickly (Brewer, 2014). I would recommend the following:

1. Baselining normal traffic patterns

2. Passive monitoring of the entire network (legs and nodes) continuously

3. Auditing of logs to look for anomalies and inconsistencies
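The three steps above, and the earlier point that good logs let you work out how long a threat has been in place, can be shown end to end in a small script. This is an added example, not code from the original post or from the cited papers. The flow-log format, the host names, the 203.0.113.50 address (a reserved documentation range) and the three-sigma threshold are all constructed assumptions; a real deployment would read from the organization's own NetFlow, proxy or firewall logs. It builds a per-host baseline (known destinations, active hours, typical volume) from a "normal" window, audits a later window against it, and reports the earliest anomalous event per host as a lower bound on dwell time. Note that the beaconing traffic in the sample is too small to trip any volume threshold; it is caught only because the destination and the hour of day fall outside the baseline.

```python
"""Baseline-and-anomaly audit over flow logs (added illustration, not the post's code).

Assumed log line format (constructed for this example):
    <ISO-8601 timestamp> <source host> <destination> <bytes sent>
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed "normal" week used to build the baseline (step 1).
BASELINE_LOG = """\
2024-03-04T09:05:00 ws-finance-07 crm.internal 41000
2024-03-04T11:20:00 ws-finance-07 mail.internal 15000
2024-03-05T09:40:00 ws-finance-07 crm.internal 39000
2024-03-05T14:10:00 ws-finance-07 fileshare.internal 52000
2024-03-06T10:15:00 ws-finance-07 crm.internal 44000
2024-03-07T09:30:00 ws-finance-07 mail.internal 17000
2024-03-08T15:00:00 ws-finance-07 fileshare.internal 48000
2024-03-04T08:50:00 ws-eng-12 git.internal 120000
2024-03-05T13:00:00 ws-eng-12 git.internal 135000
2024-03-06T09:10:00 ws-eng-12 wiki.internal 30000
2024-03-07T16:30:00 ws-eng-12 git.internal 128000
2024-03-08T10:45:00 ws-eng-12 wiki.internal 27000
"""

# Constructed audit window (steps 2 and 3): normal traffic plus a few small
# night-time flows from one workstation to an address never seen in the baseline.
AUDIT_LOG = """\
2024-03-11T09:10:00 ws-finance-07 crm.internal 40500
2024-03-11T02:00:00 ws-finance-07 203.0.113.50 2100
2024-03-12T02:00:00 ws-finance-07 203.0.113.50 2300
2024-03-12T11:00:00 ws-finance-07 mail.internal 16000
2024-03-13T02:01:00 ws-finance-07 203.0.113.50 2200
2024-03-13T13:30:00 ws-eng-12 git.internal 131000
2024-03-14T02:00:00 ws-finance-07 203.0.113.50 2400
2024-03-14T10:00:00 ws-eng-12 wiki.internal 29000
"""


def parse(log):
    """Turn log text into (timestamp, source, destination, bytes) tuples."""
    records = []
    for line in log.strip().splitlines():
        ts, src, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return records


def build_baseline(records):
    """Per source host: known destinations, hours of activity and byte-volume stats."""
    dests, hours, volumes = defaultdict(set), defaultdict(set), defaultdict(list)
    for ts, src, dst, nbytes in records:
        dests[src].add(dst)
        hours[src].add(ts.hour)
        volumes[src].append(nbytes)
    return {
        src: {"dests": dests[src], "hours": hours[src],
              "mean": mean(volumes[src]), "std": pstdev(volumes[src])}
        for src in dests
    }


def audit(records, baseline, z=3.0):
    """Return (timestamp, host, destination, reasons) for every flow that deviates."""
    findings = []
    for ts, src, dst, nbytes in records:
        profile = baseline.get(src)
        reasons = []
        if profile is None:
            reasons.append("host not in baseline")
        else:
            if dst not in profile["dests"]:
                reasons.append("new destination")
            if ts.hour not in profile["hours"]:
                reasons.append("outside normal hours")
            if nbytes > profile["mean"] + z * profile["std"]:
                reasons.append("volume above baseline")
        if reasons:
            findings.append((ts, src, dst, reasons))
    return findings


def first_seen(findings):
    """Earliest anomalous event per host: a lower bound on how long it has been going on."""
    earliest = {}
    for ts, src, _dst, _reasons in findings:
        if src not in earliest or ts < earliest[src]:
            earliest[src] = ts
    return earliest


if __name__ == "__main__":
    baseline = build_baseline(parse(BASELINE_LOG))
    hits = audit(parse(AUDIT_LOG), baseline)
    for ts, src, dst, reasons in sorted(hits):
        print(f"{ts.isoformat()} {src} -> {dst}: {', '.join(reasons)}")
    for src, ts in first_seen(hits).items():
        print(f"{src}: first anomalous activity at {ts.isoformat()}")
```

The baseline is deliberately simple (sets and a mean/standard deviation) so the logic is easy to audit; what matters for the post's argument is that it comes from the organization's own observed traffic rather than from a vendor signature list, and that the logs are retained long enough for `first_seen` to be meaningful.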

References:

Auty, M. (2015). Feature: Anatomy of an advanced persistent threat. Network Security, 2015, 13-16. doi:10.1016/S1353-4858(15)30028-3

Brewer, R. (2014). Feature: Advanced persistent threats: minimising the damage. Network Security, 2014, 5-9. doi:10.1016/S1353-4858(14)70040-6

Friedberg, I., Skopik, F., Settanni, G., & Fiedler, R. (2015). Combating advanced persistent threats: From network event correlation to incident detection. Computers & Security, 48, 35-57. doi:10.1016/j.cose.2014.09.006
