Geeks for your information
APT Attack: Everything You Need to Know to Keep Your Company Safe - Printable Version

Thread: APT Attack: Everything You Need to Know to Keep Your Company Safe (/showthread.php?tid=14728)



APT Attack: Everything You Need to Know to Keep Your Company Safe - harlan4096 - 04 April 21

Quote:

Advanced Persistent Threats Are Some of the Most Complex Cyberattacks. Learn What an APT Attack Is and How to Prevent It!

APT stands for Advanced Persistent Threat. Behind an APT attack there usually are some highly skilled hackers that have very specific targets and a “low-and-slow” approach when it comes to directing and executing their misdemeanours. Read on to find more!

Examining the APT Attack Machinery: Definition

As defined by CompariTech, an

Quote:advanced persistent threat (APT) is a sophisticated, long-term and multi-staged attack, usually orchestrated by nation-state groups, or well-organized criminal enterprises. The term was initially used to describe the groups behind these attacks, but its common usage has evolved to also refer to the attack styles we see from these types of threat actors.

Most of the time, APT actors aim to get access to: 
  • classified information – this may include government documents, financial records, military plans and so on. 
  • intellectual property – this is usually the target of industrial espionage, which can be interested in trade secrets and other sensitive information that can be used by competitors or nation-states. 
  • personal information or databases – health records, financial details and other types of personal information can be used in a variety of cybercrimes. 
  • ongoing communication – APT threat actors are interested in communication between high-value targets – they want to find out about plans or personal information that can be used for blackmailing.

Examining the APT Attack Machinery: Stages

The stages of an APT attack can be grouped into 4 or 5, with different terminology. Let us have a closer look. 

1. The Initial Access

As you can imagine, in this stage the APT attackers get access to their target network, which is usually done by an application vulnerability, a phishing email or a malicious attachment. At this point, the attackers aim to plant malware into the network, which is, consequently, compromised but not breached. 

2. The Malware Deployment

Next, the planted malware starts looking for network vulnerabilities, communicating with its external command-and-control servers and waiting for instructions on how to exploit what it finds. 

3. The Access Expansion

At this point, the planted malware continues to search and detect vulnerabilities that it uses to find new entry points as backups for the old ones, in case they become inaccessible. 

4. The Exploration of the Assets

By this stage, the attackers have established long-term and reliable network access, so the malware looks for sensitive assets like user credentials and sensitive data files that can be stolen.  

5. The Data Collection and Transfer

In this final stage, the stolen data stored on a staging server is exfiltrated to an external server, so the target networks are breached. The attackers won’t forget to cover their tracks so they can repeat the process later. 

Examining the APT Attack Machinery: Signs / Characteristics

APT actors use sophisticated means to hide their presence, but there will still be some signs that can raise suspicions. Here are the indicators that may help you recognize an APT attack: 

Unexpected logins

If you detect an unexpected volume of logins outside working hours, an APT attack might be ongoing. Attackers might have stolen credentials and use them in different time zones or during the night to avoid being noticed. 
...
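The off-hours login indicator described above, as an added detection example that is not part of the Heimdal article or of this post: it assumes a constructed authentication log in a "timestamp user result" format and 08:00 to 17:59 working hours, and flags days whose off-hours login volume stands out against the per-day median, so a single late worker does not fire but a burst of accounts at 02:00 does.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample authentication log (not from the article): "timestamp user result".
SAMPLE_LOG = """\
2021-04-01T09:12:04 alice success
2021-04-01T14:30:00 bob success
2021-04-02T09:05:31 alice success
2021-04-02T23:58:41 dave success
2021-04-03T02:10:07 alice success
2021-04-03T02:11:19 bob failure
2021-04-03T02:12:33 carol success
2021-04-03T02:14:50 dave success
2021-04-03T02:15:02 alice success
2021-04-03T09:30:00 alice success
"""

WORK_START, WORK_END = 8, 18  # assumed working hours: 08:00 up to 17:59 local time

def parse_logins(text):
    """Yield (timestamp, user) for each successful login; skip failures and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "success":
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1]
        except ValueError:
            continue  # bad timestamp: ignore it rather than crash the detector

def off_hours_logins_by_day(text):
    """Map each day in the log to (number of off-hours logins, users who made them)."""
    per_day = defaultdict(lambda: [0, set()])
    for ts, user in parse_logins(text):
        day = per_day[ts.date().isoformat()]  # registers the day even if only daytime logins
        if not WORK_START <= ts.hour < WORK_END:
            day[0] += 1
            day[1].add(user)
    return {d: (n, sorted(users)) for d, (n, users) in per_day.items()}

def flag_suspicious_days(text, min_events=3, ratio=3.0):
    """Flag days with at least min_events off-hours logins that also exceed
    ratio times the per-day median, i.e. unusual both absolutely and relatively."""
    per_day = off_hours_logins_by_day(text)
    baseline = median(n for n, _ in per_day.values())
    return {d: {"off_hours_logins": n, "users": u, "baseline": baseline}
            for d, (n, u) in per_day.items() if n >= min_events and n > ratio * baseline}
```

Feeding a real export into `flag_suspicious_days` only needs a `parse_logins` that understands that log's line format; the thresholds should be tuned against a quiet baseline period before alerting on them.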