Last Updated on January 29, 2020 by Ashok Kumar
With so many cybersecurity threats for you to watch out for, it can be difficult to keep up with all the acronyms, methods and protection techniques. With that in mind, we have created this quick guide to a commonly referred to method of cybersecurity attack: Advanced Persistent Threats (APTs).
What is an Advanced Persistent Threat (APT)?
An Advanced Persistent Threat is a method of cybersecurity attack in which unauthorized access to data or systems is obtained by an individual or a group for an extended period of time. The goal of APTs is to remain undetected for as long as possible whilst infiltrating/exfiltrating as much sensitive data as possible. The motive behind an APT could be anything from simple financial gain to state-sponsored political maneuvering. Due to the high degree of covertness required to pull off a successful APT attack, such threats are usually highly targeted, meticulously planned in advance and carried out using sophisticated techniques.
The Advanced Persistent Threat (APT) Lifecycle
An APT attack typically lasts for a much longer time period and is far more complex than other attack methods. The typical lifecycle is broken down into 12 steps, as shown in the infographic below. However, they can be summarized simply into the following five processes:
- The Planning Stage: The attacker picks which organization to target and what the objectives of the attack are going to be. They will decide what they are going after, what their objective is and a timeline. They will also pick the method of attack and research the target thoroughly.
- Getting In: The objective in this phase is to get an initial foothold in the target environment. This can be done through a variety of methods that will have been researched and decided upon in the first stage. Some common methods of entry are spear phishing or brute force attacks.
- Get to the Target Data: Once inside the target environment, the next stage is to maneuver to the valuable data. This may involve moving laterally across the network, expanding access and obtaining credentials along the way.
- Deploy Tools: In this stage, the attacker can deploy additional tools to help fulfil the initial objective and strengthen their foothold within the environment.
- Retreat and Cover Tracks: In this stage, it’s likely that the objective will be to exfiltrate the valuable data and remain inside the network so that future campaigns can take place. All of this is to be done whilst remaining completely undetected.
Common Advanced Persistent Threat Attack Methods
APT attacks usually start off with any one of the below methods to gain an initial foothold in the target environment:
- Spear Phishing: The objective of spear phishing is to steal credentials from a specifically targeted individual who has been selected and researched in advance. Spear phishing may be done through malware, keylogging, or cleverly worded emails.
- Social Engineering: Simply put, social engineering is the process of obtaining credentials through coercion and convincing. Using this method, there is no need to steal or guess the credentials; they can be obtained by preying on negligent employees.
- Rootkits: Rootkits can be hard to detect because, as the name suggests, they operate at the lowest and most privileged level of the system. Rootkits can gain access to the desired systems and spread throughout the network, all whilst covering their tracks fairly successfully.
How to Defend Against Advanced Persistent Threats (APTs)
The best way to defend against APTs is through constant vigilance and a comprehensive data security strategy that involves a sophisticated data security platform. There are four main steps you can take to help defend against Advanced Persistent Threats:
- Know where your valuable data is: Ensure you are able to discover and classify sensitive data according to what the data is and the associated risk. Any new data created needs to be discovered and classified accordingly. Your most “at risk” data is probably the most likely target for APT attackers.
- See who has access to the data: Determine which of your users have access to this sensitive data and make sure that these individuals are aware of the risk from APTs and what to look out for.
- Monitor user and entity behavior: If you know what “normal” looks like for your user and entity behavior then it should be easy to spot anomalies in real time. Any kind of anomalous behavior needs to be looked at and appropriate action needs to be taken in as short a time as possible.
- Protect your environment: Your network and environment need to be configured with security in mind to ensure the protection of your data. Deploy firewalls, patch servers, update software, and clean up your key platforms.
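As an added illustration of the "know your data, know who accesses it, monitor behavior" steps above (this is example code, not Lepide's product or part of the original post), the following Python builds a per-user baseline from a constructed file-access audit log and flags later events that deviate from it. The log lines, share names, classification set, baseline cut-off and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
# Constructed audit log (not from the page): timestamp user host share bytes_read
AUDIT_LOG = """\
2020-01-20T09:12:03 alice ws-alice /shares/finance 120000
2020-01-21T10:40:11 alice ws-alice /shares/finance 98000
2020-01-22T11:05:27 alice ws-alice /shares/finance 143000
2020-01-20T09:30:00 bob ws-bob /shares/eng 50000
2020-01-21T09:35:00 bob ws-bob /shares/eng 52000
2020-01-28T02:15:09 alice srv-build /shares/hr 2400000
2020-01-28T09:10:00 bob ws-bob /shares/eng 50500
"""
SENSITIVE_SHARES = {"/shares/finance", "/shares/hr"}  # assumed output of the classification step
BASELINE_END = datetime(2020, 1, 24)                   # events before this date define "normal"

def parse(log):
    for line in log.splitlines():
        ts, user, host, share, nbytes = line.split()
        yield datetime.fromisoformat(ts), user, host, share, int(nbytes)

def build_baseline(events):
    # Per-user profile: hosts and shares used, hours of activity, largest single read.
    base = defaultdict(lambda: {"hosts": set(), "shares": set(), "hours": set(), "max_bytes": 0})
    for ts, user, host, share, nbytes in events:
        if ts < BASELINE_END:
            p = base[user]
            p["hosts"].add(host); p["shares"].add(share); p["hours"].add(ts.hour)
            p["max_bytes"] = max(p["max_bytes"], nbytes)
    return base

def find_anomalies(log):
    events = list(parse(log))
    base = build_baseline(events)
    findings = []
    for ts, user, host, share, nbytes in events:
        if ts < BASELINE_END:
            continue
        p = base[user]  # a user with no baseline gets an empty profile, so every check fires
        reasons = []
        if host not in p["hosts"]:
            reasons.append("new host")
        if share not in p["shares"]:
            reasons.append("new sensitive share" if share in SENSITIVE_SHARES else "new share")
        if not any(abs(ts.hour - h) <= 1 for h in p["hours"]):
            reasons.append("outside usual hours")
        if nbytes > 5 * p["max_bytes"]:
            reasons.append("volume spike")
        if reasons:
            findings.append((ts.isoformat(), user, share, reasons))
    return findings
```

Each finding lists every reason it deviated from the user's baseline, so the night-time read of a sensitive share from an unfamiliar host stands out with several reasons at once, while routine activity produces nothing.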
Lepide’s Data Security Platform allows you to perform all the necessary data discovery, permissions analysis and UEBA functionality required to begin your management of Advanced Persistent Threats (APTs). For more information, schedule a demo with one of our engineers today.