An advanced persistent threat (APT) is an attack in which an unauthorized party gains access to a system or network and remains there for an extended period of time without being detected. Advanced persistent threats are particularly dangerous for enterprises because the attackers have ongoing access to sensitive company data. Advanced persistent threats generally avoid causing visible damage to company networks or local machines, since disruption would draw attention and cut the access short. Instead, the goal of an advanced persistent threat is most often data theft.
Advanced persistent threats typically proceed in several phases: gaining a foothold in the network, avoiding detection, mapping the organization's systems and data to determine where the desired data is most accessible, constructing a plan of attack, gathering the sensitive data, and exfiltrating it.
Advanced persistent threats have caused several large, costly data breaches and are known for their ability to fly under the radar, remaining undetected by traditional, signature-based security measures. What's more, advanced persistent threats are becoming increasingly common as cyber criminals turn to more sophisticated methods to achieve their goals.
HOW ADVANCED PERSISTENT THREATS WORK
Advanced persistent threats use a variety of techniques to gain initial access to a network. Attackers may deliver malware over the internet (for example through a phishing e-mail or a compromised website), introduce it physically through removable media, or exploit vulnerabilities in externally facing systems to reach protected networks.
These attacks differ from many traditional threats, such as viruses and commodity malware, which exhibit the same behaviour consistently and are reused against many different systems or companies. Advanced persistent threats do not take a general, broad approach; instead, they are carefully planned and designed with the goal of attacking one specific company or organization. Advanced persistent threats are therefore highly customized and sophisticated, built specifically to get around the security measures already in place within the targeted company.
Often, trusted connections are used to gain initial access. This means attackers may log in with employees' or business partners' credentials obtained through phishing or other malicious means. Because such logins look legitimate, this helps attackers with the important goal of remaining undetected long enough to map the organization's systems and data and devise a strategic plan of attack to harvest company data.
Malware is usually critical to the success of an advanced persistent threat, although attackers also make heavy use of legitimate tools already present on the network to blend in. Once the network is breached, the malware can hide from certain detection systems, move laterally from system to system, collect data, and monitor network activity. The ability for attackers to control the intrusion remotely over a command-and-control channel is also key, enabling them to navigate the organization's network to identify critical data, gain access to the desired information, and initiate the exfiltration of that data.
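Two of the phases described above, remote control of implanted malware and the final exfiltration, leave traces in outbound traffic logs: a command-and-control channel tends to call home at regular intervals, and bulk data theft shows up as unusually large outbound transfers. The following script is an added example, not code from the original page or from any vendor or tool it mentions. It runs a simple hunt over constructed proxy log lines (the format, hosts, IP addresses and byte counts are all made up for illustration) and flags source/destination pairs that beacon on a near-fixed schedule or that push more than a configurable volume of data out.

```python
"""Hunting two APT hallmarks in outbound proxy logs: periodic command-and-control
beaconing and large outbound transfers that may indicate exfiltration.

All log data below is constructed for this example; the line format
"<ISO timestamp> <src_ip> <dst_host> <bytes_out>" is an assumption.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: one host polls the same domain every ~5 minutes (beacon),
# another uploads three 50 MB chunks to one destination (possible exfiltration).
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.1.4.22 cdn.example.net 512
2024-03-01T09:05:00 10.1.4.22 cdn.example.net 498
2024-03-01T09:10:01 10.1.4.22 cdn.example.net 530
2024-03-01T09:15:00 10.1.4.22 cdn.example.net 505
2024-03-01T09:20:00 10.1.4.22 cdn.example.net 520
2024-03-01T09:25:01 10.1.4.22 cdn.example.net 499
2024-03-01T09:01:13 10.1.4.22 intranet.corp.local 1200
2024-03-01T09:02:45 10.1.4.22 intranet.corp.local 900
2024-03-01T09:40:02 10.1.4.22 intranet.corp.local 3000
2024-03-01T09:03:00 10.1.7.9 files.example.org 52428800
2024-03-01T09:03:30 10.1.7.9 files.example.org 52428800
2024-03-01T09:04:00 10.1.7.9 files.example.org 52428800
2024-03-01T09:30:00 10.1.7.9 news.example.com 2048
"""


def parse_log(text):
    """Parse log lines into (timestamp, src_ip, dst_host, bytes_out) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def group_by_pair(events):
    """Group connections by (src, dst), sorted by time within each pair."""
    pairs = defaultdict(list)
    for ts, src, dst, nbytes in events:
        pairs[(src, dst)].append((ts, nbytes))
    for conns in pairs.values():
        conns.sort()
    return pairs


def find_beacons(pairs, min_connections=5, max_cv=0.1):
    """Flag pairs whose inter-connection gaps are nearly constant.

    A low coefficient of variation (stddev / mean of the gaps) means the host
    is calling out on a schedule, which is how many C2 implants behave.
    """
    findings = {}
    for (src, dst), conns in pairs.items():
        if len(conns) < min_connections:
            continue  # too few samples to judge regularity
        times = [ts for ts, _ in conns]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings[(src, dst)] = {
                "connections": len(conns),
                "mean_gap_s": round(avg, 1),
                "cv": round(cv, 3),
            }
    return findings


def find_large_uploads(pairs, threshold_bytes=100 * 1024 * 1024):
    """Flag pairs whose total outbound bytes exceed the threshold (default 100 MB)."""
    findings = {}
    for (src, dst), conns in pairs.items():
        total = sum(nbytes for _, nbytes in conns)
        if total >= threshold_bytes:
            findings[(src, dst)] = total
    return findings


def hunt(text):
    """Run both detections over raw log text and return the findings."""
    pairs = group_by_pair(parse_log(text))
    return {"beacons": find_beacons(pairs), "exfil": find_large_uploads(pairs)}


if __name__ == "__main__":
    for category, hits in hunt(SAMPLE_LOG).items():
        for pair, detail in hits.items():
            print(f"{category}: {pair[0]} -> {pair[1]}: {detail}")
```

On the sample data, the 10.1.4.22 to cdn.example.net pair is reported as a beacon (six connections, about 300 seconds apart, coefficient of variation near zero), and 10.1.7.9 to files.example.org is reported for sending roughly 150 MB out. The three irregular intranet connections are not flagged. In practice both thresholds need tuning: real implants often add random jitter to their call-home interval, so the coefficient-of-variation bound must be loosened and combined with other signals, and legitimate software updaters and telemetry also poll on fixed schedules, so beacon hits are candidates for investigation rather than verdicts.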