You may not have heard of Advanced Persistent Threats (APTs) as often as phishing or malware attacks, but they pose an extremely high risk to organizations, especially to high-profile companies and governments.
Advanced Persistent Threat is the term used to describe a sophisticated and organized cyberattack, often orchestrated by a group of skilled and well-resourced adversaries. These threat actors are almost always nation-states, and they intend to steal data and/or surveil systems over an extended period of time. The US National Institute of Standards and Technology (NIST) states that an APT is:
“An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat:
- Pursues its objectives repeatedly over an extended period of time
- Adapts to defenders’ efforts to resist it
- Is determined to maintain the level of interaction needed to execute its objectives”
APTs have distinguishing characteristics, such as:
- Specific targets and clear objectives
- Highly organized and well-resourced attackers
- A long-term campaign with repeated attempts
- Stealthy and evasive attack techniques
Additionally, an APT attack progresses through several phases, which may include reconnaissance and weaponization, delivery, and data exfiltration.
What can you do to reduce the risk associated with Advanced Persistent Threats?
There is no single solution that protects organizations from these types of attacks. APTs are extremely complex and covert, which means organizations need to build a multi-layered defense. Some of the defense-in-depth strategies organizations should adopt are:
- Security Awareness Training: Since APT campaigns utilize a wide range of social engineering techniques, it’s extremely important for an organization’s people to receive security awareness training.
- Traditional Defense Mechanisms: These mechanisms, such as firewalls, anti-virus software, etc., block known attack vectors, making the job of APT actors more difficult.
- Advanced Malware Detection: The ability to detect advanced malware is extremely important for defense against APTs, because they often leverage zero-day exploits or custom-developed evasive tools that bypass traditional defenses. Sandboxed execution is a proven technique for analyzing malware’s behavior, which allows defenders to identify previously unknown advanced malware.
- Event Anomaly Detection: Traditional signature-based mechanisms are not an effective defense against APTs, because there are no “known bad” patterns for organizations to match on. Since APT actors are extremely stealthy, organizations are better off studying normal behavior and searching for deviations from it. This means searching for irregular or suspicious activity, and such searches are typically implemented with machine learning.
- Data Loss Prevention: A common goal of an APT attack is stealing valuable data from an organization’s network. To help combat this, a data loss prevention (DLP) solution can be deployed as the last line of defense against exfiltration.
- Intelligence-Driven Defense: APT actors are very purposeful and typically return to the same targets repeatedly. To help combat this, organizations can create an intelligence feedback loop. By leveraging knowledge about these threat actors, organizations can identify patterns from previous attempts, understand the actors’ techniques, and then implement countermeasures. Ultimately, an intelligence-driven defense can help reduce the risk of future threats.
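As an added example, not part of the original post, of the baseline-then-deviation approach described under Event Anomaly Detection and the exfiltration concern under Data Loss Prevention: a per-host baseline of daily outbound volume is learned from constructed flow records, and the day under review is checked against it with a z-score. Host names, byte counts and the threshold are all made up for illustration.

```python
# Added example (not from the original post): learn a per-host baseline of
# normal outbound volume, then flag hosts whose current volume deviates from it.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (day, host, outbound_bytes). Days 1-7 are the
# learning window; day 8 is the window under review.
FLOWS = (
    [(d, "ws-01", 40_000_000 + d * 1_000_000) for d in range(1, 8)]
    + [(d, "ws-02", 55_000_000 + d * 700_000) for d in range(1, 8)]
    + [
        (8, "ws-01", 48_000_000),   # within its normal range
        (8, "ws-02", 900_000_000),  # large jump: candidate exfiltration
    ]
)
LEARN_DAYS = set(range(1, 8))
REVIEW_DAY = 8

def build_baseline(flows, learn_days):
    """Per-host (mean, population std dev) of daily outbound bytes."""
    per_host = defaultdict(list)
    for day, host, nbytes in flows:
        if day in learn_days:
            per_host[host].append(nbytes)
    return {h: (mean(v), pstdev(v)) for h, v in per_host.items()}

def flag_anomalies(flows, baseline, review_day, z_threshold=3.0):
    """Return {host: (reason, z)} for hosts that deviate on review_day."""
    flagged = {}
    for day, host, nbytes in flows:
        if day != review_day:
            continue
        if host not in baseline:
            flagged[host] = ("no baseline", None)  # unseen host: review manually
            continue
        mu, sigma = baseline[host]
        # A host with a flat history has sigma 0; floor it at 1% of the mean
        # so a single small change does not divide by zero or swamp the score.
        sigma = max(sigma, 0.01 * mu)
        z = (nbytes - mu) / sigma
        if abs(z) > z_threshold:
            flagged[host] = ("volume", round(z, 1))
    return flagged

if __name__ == "__main__":
    base = build_baseline(FLOWS, LEARN_DAYS)
    for host, (reason, z) in flag_anomalies(FLOWS, base, REVIEW_DAY).items():
        print(f"{host}: {reason} anomaly, z={z}")
```

A real deployment would feed this from flow or proxy logs and would baseline more than one feature (destination, hour of day, protocol), since a careful actor may keep volume small; the structure of the check stays the same.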
How can SecurityScorecard help?
SecurityScorecard provides organizations with the necessary visibility into their cybersecurity posture and valuable context for remediating weaknesses before they can be exploited. By understanding potential weaknesses across 10 different risk factor groups, organizations can remove issues that threat actors might exploit, making their job harder.
SecurityScorecard’s Investigation & Analysis team is committed to providing organizations with global, trusted, and relevant insights through extensive analyses. Not only does this team of experienced threat researchers operate one of the largest sinkholes, but it also conducts analyses to find exploits that are being used by malware. One of these analyses has enabled SecurityScorecard to identify Common Vulnerabilities and Exposures (CVEs) that may be targeted by APTs. With this information, SecurityScorecard works with its users to ensure they have what they need to address these threats.