Avoiding the Cyber Sting – Advanced Persistent Threat

The Advanced Persistent Threat is just a variation on a good old sting

The Sting, if remade today, would probably depict an Advanced Persistent Threat

Anyone over the age of forty will almost certainly have seen the 1973 film The Sting, starring Robert Redford and Paul Newman, and will not find the concept behind the Advanced Persistent Threat (APT) too difficult to grasp. If you are younger, you may have to ask your parents.

Substitute shady Eastern European characters with computers for Newman and Redford, add a protracted, ingenious and complicated master plan for the infiltration of your network, culminating in the payoff or sting, and we have not only the screenplay for a remake of The Sting for a computer-age audience but also a fair description of how an Advanced Persistent Threat unfolds. A bit simplistic, maybe, but all of the components are there.

An APT is complicated, planned, flexible and evolving, with a definite payoff at the end. Until relatively recently, APTs have been the province of government-sponsored espionage and spying activities, but recent evidence suggests that the Advanced Persistent Threat is now being adopted by organised crime gangs specialising in cyber crime.

How a Typical Advanced Persistent Threat may unfold

The hook

Spear Phishing through email or social media

Reconnaissance – The attacker gathers information on the target from a number of sources, which may include social media.

Incursion – Attackers gain access to the network using methods such as Social Engineering; often a Spear Phishing attack may be the chosen route.

Discovery – The attackers adopt a low and slow policy to avoid detection and attempt to map the victim's network and defences from the inside. With the information gathered, they create a battle plan. The strategy will often be to deploy multiple, parallel ploys to gain the objective. Attackers may mine personal information on key individuals within an organisation to make the Social Engineering attack more targeted.

The setup

Your network is infiltrated using a low and slow strategy to avoid detection.

Capture – The attackers infiltrate systems and capture data over an extended period. Malware may be installed to carry out functions such as screen / keystroke capture and possibly disruption.

Exfiltration – The captured data is sent back to the command centre responsible for the attack, for analysis and exploitation.

Persistence – The attackers cover their tracks while remaining present on the network in the long term to capture new data as it is produced by the victim organisation.

Advanced Persistent Threats have definite objectives

Multiple parallel strategies are pursued, all targeted at gaining the objective: access to your data.

The Payoff – The attack is orchestrated and managed by a central control that has access to, and deploys, the full range of tools. Spear phishing, hacking, zero-day malware and rootkits may all be part of the arsenal deployed to achieve the desired goal. Because of the sophistication of the APT and the determination and persistence with which the goals are pursued, the traditional approach to network defence will no longer suffice.

The Conclusion

When faced with the possibility of the Advanced Persistent Threat, you will require advanced products such as Cyber Spears Persistence that provide reassurance and early intervention in the event of a breach, as it monitors your network on your behalf 24/7, 365 days a year.
