Advanced Persistent Threats (APTs) are security threats that use advanced techniques to hide their attack from their target. They are commonly used to target specific information in high-profile companies and governments. APTs usually follow a long-term strategy of attack in order to gather information from the breached system. There have been many examples of APTs over the years targeting well known organizations. In 2013 the Mandiant report revealed evidence that a specific Chinese military unit has been behind many major Advanced Persistent Threats (APTs) within the United States. Since then APTs have been used against large companies including Yahoo, Google, Northrop Grumman, and many others. One of the most complex APTs in recent years was the Stuxnet computer worm (“Stuxnet: Advanced Persistent Threat – Ran Levi,” n.d.), which targeted Iran’s nuclear program.
APTs impact cybersecurity due to their very advanced stealth nature. Traditional defenses aimed at keeping known threats out of the network are no longer sufficient against these types of attack. (Tankard, 2011) lays out a solid framework for protection against these types of threats. In order to mitigate against APTs, organizations should develop procedures to understand as much as possible about their own network traffic and services running on their network. Information gathering is essential of their own infrastructure in order to properly defend against APTs. They should implement proper log configuration and analysis as well as file integrity checks. Finally procedures should be put in place to effectively integrate intrusion detection systems, coupled with ongoing vulnerability assessments. APTs will no doubt continue to grow in complexity and target larger and more critical organizations and infrastructure. Organizations should continue to evaluate their own security posture and update policies and procedures to better protect themselves.
Image Credits: Photo by G. Crescoli on Unsplash.