News / Blog
« Return to News

Advanced Persistent Threat (APT) Kill-Chain

According to Netswitch Technology Management, the Advanced Persistent Threat (APT) kill-chain looks like the following:

  1. Social Engineering: Identify individuals that have the needed access privileges.
  2. Spear Phishing: Attackers send spoofed e-mails with malicious links to download malware and infect high-value employee machines.
  3. Malware Infection: malware is downloaded on a system within the network, and starts spreading to compromise additional systems.
  4. Mapping: Once the hackers gain access to the network, they map it out to identify strategic assets.
  5. Privilege Escalation: Then, the hackers gain higher privileges to access additional resources.
  6. Spreading Deeper into the Network: Attackers install malware to hijack systems, establishing the functionality needed to communicate with a command-and-control center.
  7. Execution: The attackers activate the command-and-control infrastructure to transmit information from the targeted systems.


So, how do you protect against APTs? The short answer is you don’t, because:
  • Everyone falls for phishing scams at some point and none of them are aware they are downloading malware or providing their credentials to a malicious attacker
  • Infected systems don’t show noticeable changes or exhibit performance issues
  • These APTs exploit trusted “insider” account privileges
  • Attacks exploit internally trusted resources and communications
  • Activities are distributed across long periods of time making behavioral anomalies difficult to correlate
  • Malware can be dormant for months or years waiting for a triggering event

Companies must adopt the following foundational initiatives in order to provide just the basic protection for corporate resources and to establish a defense posture for mitigation:

  1. Vulnerability Assessment and Mitigation – it is critical for organizations to implement routine vulnerability assessments.
  2. User Rights Management – it is important to understand who has access to critical information.
  3. Risk Management – requires organizations to have a comprehensive view of critical assets and an understanding of where valuable information resides.
  4. Continuous Monitoring and Identification of Abnormal Activities – organizations need to monitor and analyze events to detect abnormal activities.
  5. Future Shock – as APTS are going to increase in volume and intensity over the next few years.
Posted by PhishingBox on 07/17/2016
Read More Phishing Facts | Take a Free Phishing Test
View our Security Awareness Training for Employees

Protect Your Employees!

Try our Phishing Simulation Software

Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.


Phishing Alerts

Learn about recent security breaches that involve phishing and receive security tips and tricks to protect your business.

* indicates required