According to Netswitch Technology Management, the Advanced Persistent Threat (APT) kill chain looks like this:

  1. Social Engineering: Identify individuals who have the needed access privileges.
  2. Spear Phishing: Attackers send spoofed e-mails with malicious links that download malware and infect high-value employees' machines.
  3. Malware Infection: Malware is downloaded onto a system within the network and starts spreading to compromise additional systems.
  4. Mapping: Once the attackers have a foothold in the network, they map it out to identify strategic assets.
  5. Privilege Escalation: The attackers then obtain higher privileges in order to reach additional resources.
  6. Spreading Deeper into the Network: Attackers install malware to hijack systems, establishing the functionality needed to communicate with a command-and-control server.
  7. Execution: The attackers activate the command-and-control infrastructure to transmit information out of the targeted systems.


So, how do you protect against APTs? The short answer is that you cannot reliably keep them out, because:
  • Almost anyone falls for a phishing lure at some point, and the victim is rarely aware that they have just downloaded malware or handed their credentials to an attacker
  • Infected systems usually show no noticeable changes and no performance symptoms
  • APTs operate under the privileges of trusted "insider" accounts
  • Attacks exploit internally trusted resources and communication channels
  • Activity is spread across long periods of time, making behavioral anomalies difficult to correlate
  • Malware can lie dormant for months or years waiting for a triggering event

Companies must adopt the following foundational initiatives to provide even basic protection for corporate resources and to establish a defense posture from which an intrusion can be mitigated:

  1. Vulnerability Assessment and Mitigation – organizations must run routine vulnerability assessments and remediate what they find.
  2. User Rights Management – organizations must know who has access to critical information and keep that access to what each user actually needs.
  3. Risk Management – organizations need a comprehensive view of their critical assets and an understanding of where valuable information resides.
  4. Continuous Monitoring and Identification of Abnormal Activities – organizations need to collect and analyze events continuously, over long windows, to detect abnormal activity.
  5. Future Shock – organizations should plan for APTs to increase in volume and intensity over the next few years.
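The kill chain's command-and-control stage and the "activity spread across long periods" point together describe what a monitoring program actually has to catch: a host that quietly checks in with one outside destination at clock-like intervals for days. The script below is an added example (not code from the original page or from Netswitch) of the continuous-monitoring step applied to that pattern. It assumes a hypothetical proxy log format of `timestamp src_host dst_host bytes`; the hostnames, the log lines and the thresholds (minimum 8 events, minimum two-day span, maximum coefficient of variation 0.15 on the gaps) are all constructed for illustration and would be tuned to a real environment.

```python
"""Low-and-slow beacon detection over a (constructed) proxy log.

For each src->dst pair seen over a multi-day window, measure how regular the
gaps between connections are. Human browsing is bursty; malware check-ins are
clock-like even when they are hours apart. Log format and thresholds are
assumptions for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Tunables (assumed values, not figures from the page)
MIN_EVENTS = 8                  # enough samples to judge regularity
MIN_SPAN = timedelta(days=2)    # we want activity spread over days, not bursts
MAX_CV = 0.15                   # pstdev/mean of the gaps; low means clock-like


def build_sample_log():
    """Construct a hypothetical log: 'YYYY-mm-ddTHH:MM:SS src dst bytes'.

    ws-hr-07 checks in with cdn-update.example every ~6h (a few minutes of
    jitter) for about five days, while ws-hr-07 and ws-finance-12 also browse
    an intranet host at irregular times over the same window.
    """
    start = datetime(2024, 3, 1, 8, 0, 0)
    lines = []
    # Beacon: 20 check-ins, 6h apart, +/- a few minutes of jitter
    jitter = [0, 2, -3, 1, 4, -2, 0, 3, -1, 2, -4, 1, 0, 2, -2, 3, -1, 0, 1, -3]
    for i, j in enumerate(jitter):
        t = start + timedelta(hours=6 * i, minutes=j)
        lines.append(f"{t.isoformat()} ws-hr-07 cdn-update.example 412")
    # Irregular browsing: gaps in hours, alternating between two hosts
    gaps_h = [2, 9, 1, 15, 5, 3, 20, 7, 1, 30, 4, 11, 2, 13, 6, 25]
    t = start
    for n, g in enumerate(gaps_h):
        t += timedelta(hours=g)
        host = "ws-finance-12" if n % 2 else "ws-hr-07"
        lines.append(f"{t.isoformat()} {host} intranet.corp.example {2048 + n}")
    return "\n".join(sorted(lines))  # ISO timestamps sort chronologically


def parse(log_text):
    """Yield (timestamp, src, dst) from each non-empty log line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _bytes = line.split()
        yield datetime.fromisoformat(ts), src, dst


def find_beacons(log_text, min_events=MIN_EVENTS, min_span=MIN_SPAN, max_cv=MAX_CV):
    """Return one finding dict per src->dst pair whose connection gaps are
    clock-like over a window of at least min_span."""
    by_pair = defaultdict(list)
    sources_per_dst = defaultdict(set)
    for ts, src, dst in parse(log_text):
        by_pair[(src, dst)].append(ts)
        sources_per_dst[dst].add(src)

    findings = []
    for (src, dst), stamps in by_pair.items():
        stamps.sort()
        if len(stamps) < min_events:
            continue
        span = stamps[-1] - stamps[0]
        if span < min_span:
            continue  # short bursts are a different detection; skip them here
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mu = mean(gaps)
        cv = pstdev(gaps) / mu if mu else float("inf")
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "events": len(stamps),
                "span_hours": round(span.total_seconds() / 3600, 1),
                "mean_gap_minutes": round(mu / 60, 1),
                "cv": round(cv, 3),
                # a destination only one host ever talks to raises suspicion
                "lonely_destination": len(sources_per_dst[dst]) == 1,
            })
    return findings


if __name__ == "__main__":
    for finding in find_beacons(build_sample_log()):
        print(finding)
```

On the constructed log only the ws-hr-07 to cdn-update.example pair survives: both intranet pairs span more than two days but their gap regularity (CV around 0.4) is far above the threshold. The span check is what makes this a long-window detection rather than a burst detector; the regularity check is what lets a six-hour check-in stand out even though it generates almost no traffic and no performance symptoms on the host.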