Anyone over the age of forty will almost certainly have seen the 1973 film The Sting, starring Robert Redford and Paul Newman, and will not find the concept behind the Advanced Persistent Threat (APT) too difficult to grasp. If you are younger, you may have to ask your parents.
Substitute shady Eastern European characters with computers for Newman and Redford, add a protracted, ingenious and complicated master plan for the infiltration of your network, culminating in the payoff or sting, and we have not only the screenplay for the remake of The Sting for a computer-age audience but also a fair description of how an Advanced Persistent Threat unfolds. A bit simplistic, maybe, but all of the components are there.
Complicated, planned, flexible and evolving, with a definite payoff at the end. Until relatively recently, APTs have been the province of government-sponsored espionage and spying activities; recent evidence suggests that the Advanced Persistent Threat is now being adopted by organised crime gangs specialising in cyber crime.
How a Typical Advanced Persistent Threat may unfold
Reconnaissance – The attacker gathers information on the target from a number of sources, which may include social media.
Incursion – Attackers gain access to the network using methods such as social engineering; a spear phishing attack may often be the chosen route.
Discovery – The attackers adopt a low and slow policy to avoid detection and attempt to map the victim's network and defences from the inside. With the information gathered, they create a battle plan. The strategy will often be to deploy multiple parallel ploys to gain the objective. Attackers may mine personal information on key individuals within an organisation to make the social engineering attack more targeted.
Capture – The attackers infiltrate systems and capture data over an extended period. Malware may be installed to carry out functions such as screen and keystroke capture, and possibly disruption.
Exfiltration – The captured data is sent back to the command centre responsible for the attack, for analysis and exploitation.
Persistence – The attackers cover their tracks while remaining present on the network in the long term to capture new data as it is produced by the victim organisation.

Multiple parallel strategies are pursued, all targeted at gaining the objective: access to your data.
The Payoff – The attack is orchestrated and managed by a central control that has access to and deploys the full range of tools. Spear phishing, hacking, zero-day malware and rootkits may all be part of the arsenal deployed to achieve the desired goal. Because of the sophistication of the APT and the determination and persistence with which the goals are pursued, the traditional approach to network defence will no longer suffice.
The Conclusion
When faced with the possibility of the Advanced Persistent Threat, you will require advanced products such as Cyber Spears Persistence, which provides reassurance and early intervention in the event of a breach as it monitors your network on your behalf 24/7, 365 days a year.