• SecureDisruptions

Advanced Persistent Threats - Part 2

This blog is in continuation to the the part 1 blog.


APT attacks are only interested in two things :


1. Intelligence gathering - Illegal mining of information from a network

2. Data Exfiltration - Unauthorized data transmission to external locations, where it's controlled, Encrypted under the attacker's control.

APT can, therefore, is seen as multi-phase attacks, involving the penetration of illegal entry Into an individual or organization network and probing for valuable data, information, and other vulnerabilities. The government can also finance an APT attack or attacks. They do this when they wish to source for information from other countries and also to influence the public interest of the target country. The most amazing thing about APT is their ability to ghost themselves completely in a network without being noticed. An average APT can last months in a system while doing numerous damages to the recipient organization in stealing data and trading secrets. Advanced Persistent threats still represent an ongoing danger to organizations, government agencies, and individuals.


Simply put, APTs are often characterized by their sustained, sophisticated and their multi prolonged efforts to gain access to an organization's networks and computers. They use advanced techniques like Anti-sandboxing, Polymorphism, and multiple stage payloads to avoid being detected.

APT Should be considered as a much higher level of threat, as it differs from other types of malicious attacks. Contrary to some malicious cyber agents that produce quick damaging attacks, APTs take stealthy and more strategic approach. Attacks infiltrate the system via malware like phishing or Trojans, after which their attack software is stealthily planted into the entire system network. This action can last months or even years before they're detected.

Advanced Persistent Threats
Advanced Persistent Threats


Perhaps defining the initials one after the other will create a better understanding of the term because each initial denotes an idea that makes up the whole.


A – Stands for Advanced. When we talk about the advanced, we're talking about something that supersedes the normal ones. They often combine multiple targeting tools and methods to reach a targeted network or computer. And since they're that advanced, it takes time for them to be developed, and costs a huge amount of money to produce.


P – Stands for Persistent. That is, having and being persistent on an objective or a target. Rather than seeking information from various sources, APT hackers have clear objective/specific tasks Because they're guided by external entities.

T – Stands for Threat. Regardless of form or type, APT is always a threat to information security.

LIFE CYCLE OF AN ADVANCED PERSISTENT THREAT


The longer APT stays in a network, the more it manifests itself. Like every known organism, APT also follows a consistent life cycle to infiltrate and operate inside an organization. In targeted attacks, the APT life cycle follows a continuous process of six key phases which are:


(1) Intelligence Gathering - This cycle involves the identification and research carried out on a target using public sources ( Social media, etc.). This prepares them for an attack.


(2) Point of Entry - This means the delivery of zero-day malware using social engineering. (E.g. Emails). A backdoor is then created and information can then be siphoned away.


(3) Command & Control (C&C) Communication - This refers to the communication used throughout an attack to instruct and control the malware used.


(4) Lateral Movement - This is a cycle Where the original attack has compromised additional machines. This means that when the APT has spent a long time on the network, the hacker can control the network beyond his initial target. It means, the longer the APT stays on the network, the more it grows.


(5) Asset/Data Discovery - This involves the use of techniques to scout for servers that hold the information of interest.


(6) Data Exfiltration - This is the last stage and it involves unauthorized data transmission to external locations without leaving behind a single trace.


Please keep visiting this website to check the subsequent parts of the article.