To improve your cyber security and successfully prevent, detect and resolve advanced persistent threats, you need to know how APTs work:
- The cyber-criminal or threat actor gains entry through an e-mail, network, file or application vulnerability and inserts malware into an organizational network. The network is considered compromised, but not breached.
- The advanced malware probes for additional network access and vulnerabilities or communicates with command-and-control servers to receive additional instructions and/or malicious code.
- The malware typically establishes additional points of compromise to ensure that the cyberattack can continue if one point is closed.
- Once a threat actor determines that they have established reliable network access, they gather target data such as account names and passwords.
- The malware collects the data on a staging server, then exfiltrates it off the network, placing it under the full control of the threat actor.
- Evidence of the APT attack is removed, but the network remains compromised. The cyber-criminal can return at any time to continue the data breach.
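Two of the stages above leave traces in outbound traffic that a defender can hunt for: the command-and-control check-ins are scheduled and therefore unusually regular, and the exfiltration stage moves far more data than the host normally sends. The script below is an added example, not code from the original page; it runs over a constructed proxy log (timestamp, source IP, destination host, bytes out) and flags both patterns. The hostnames, addresses and the 100 MB budget are assumptions chosen for the sample.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy log: epoch_seconds source_ip destination_host bytes_out
SAMPLE_LOG = """\
1700000000 10.0.0.5 update-check.example.net 812
1700000061 10.0.0.5 update-check.example.net 790
1700000119 10.0.0.5 update-check.example.net 805
1700000181 10.0.0.5 update-check.example.net 799
1700000240 10.0.0.5 update-check.example.net 811
1700000000 10.0.0.7 www.example.com 1400
1700000005 10.0.0.7 www.example.com 2300
1700000400 10.0.0.7 www.example.com 980
1700000410 10.0.0.7 www.example.com 1750
1700001300 10.0.0.7 www.example.com 3100
1700000500 10.0.0.9 share.example.org 73400320
1700002100 10.0.0.9 share.example.org 73400320
"""

def parse_log(text):
    """Return (timestamp, src, dst, bytes_out) tuples from the log text."""
    return [(int(t), s, d, int(b))
            for t, s, d, b in (line.split() for line in text.splitlines())]

def group_by_flow(records):
    """Group events by (src, dst) so each flow is scored on its own."""
    flows = defaultdict(list)
    for ts, src, dst, size in records:
        flows[(src, dst)].append((ts, size))
    return flows

def detect_beacons(records, min_hits=5, max_cv=0.2):
    """Flag flows whose inter-arrival times are nearly constant: browsing is
    bursty, a scheduled C2 check-in has a low coefficient of variation."""
    hits = {}
    for flow, events in group_by_flow(records).items():
        times = sorted(ts for ts, _ in events)
        if len(times) < min_hits:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        cv = pstdev(gaps) / mean(gaps)
        if cv <= max_cv:
            hits[flow] = round(mean(gaps), 1)   # mean check-in period in seconds
    return hits

def detect_exfil(records, threshold_bytes=100 * 1024 * 1024):
    """Flag flows whose total outbound bytes exceed a budget (assumed 100 MB),
    the signature of staged data leaving the network in bulk."""
    totals = {f: sum(s for _, s in e) for f, e in group_by_flow(records).items()}
    return {f: n for f, n in totals.items() if n > threshold_bytes}
```

Calling `detect_beacons(parse_log(SAMPLE_LOG))` flags only the 60-second check-in from 10.0.0.5, while `detect_exfil` flags only the two large uploads from 10.0.0.9; real deployments would tune `max_cv` and the byte budget per host role.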
Traditional cyber security measures such as defense-in-depth, firewalls and antivirus cannot protect against an APT attack and leave organizations exposed to data breaches.