Advanced Persistent Threat (APT) campaigns comprise a growing part of the current threat landscape. In fact, some APT campaigns remain active even after drawing extensive media attention. APT campaign routines may vary over time, but their primary goal remains the same: to gain entry to a target organization’s network and obtain confidential information.

There are two ways to look at an Advanced Persistent Threat (APT): APT as a thing and APT as people. On one hand, an Advanced Persistent Threat refers to a highly precise sort of cyberattack. On the other hand, Advanced Persistent Threat can refer to the groups, often state-sponsored or well-funded in other ways, that are responsible for launching such precision attacks. Advanced Persistent Threat (APT) usually refers to a group, such as a government, with both the capability and the intent to target, persistently and effectively, a specific entity. Advanced Persistent Threats (APTs) are a cybercrime category directed at business and political targets. APTs require a high degree of stealthiness over a prolonged duration of operation in order to be successful. The attack objectives therefore typically extend beyond immediate financial gains, and compromised systems continue to be of service even after key systems have been breached and initial goals reached.

An Advanced Persistent Threat (APT) is a set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity. An APT usually targets organizations and/or nations for business or political motives. APT processes require a high degree of covertness over a long period of time. The end goal of an APT-style attack is to compromise a machine on which there is some sort of valuable information. Instead of targeting the CEO, APT groups often choose to target some lesser employee, like a copy-writer or graphic designer, who may not have particularly valuable information on his or her machine, but is on the same network as computers with valuable data and could potentially be used as a stepping stone toward infecting valuable machines. Thus, an attacker who compromises the copy-writer’s machine can use his or her e-mail address to spear-phish the CEO. Well-funded APT adversaries do not necessarily need to breach perimeter security controls from an external perspective. They can, and often do, leverage “insider threat” and “trusted connection” vectors to access and compromise targeted systems.

Spear phishing continues to be a favored means for APT attackers to infiltrate target networks. In a typical spear-phishing attack, a specially crafted e-mail is sent to specific individuals from a target organization. The recipients are convinced through clever and relevant social engineering tactics to either download a malicious file attachment or click a link to a malware- or exploit-laden site, starting a compromise.