Advanced persistent threats (APTs) are sophisticated attacks that can have destructive consequences. The National Institute of Standards and Technology (NIST) has defined an APT as, “An adversary with sophisticated levels of expertise and significant resources, allowing it through the use of multiple different attack vectors (e.g., cyber, physical, and deception) to generate opportunities to achieve its objectives, which are typically to establish and extend footholds within the information technology infrastructure of organizations for purposes of continually exfiltrating information and/or to undermine or impede critical aspects of a mission, program, or organization, or place itself in a position to do so in the future; moreover, the advanced persistent threat pursues its objectives repeatedly over an extended period of time, adapting to a defender’s efforts to resist it, and with determination to maintain the level of interaction needed to execute its objectives.”1
Prime targets for APTs are often high value targets such as large corporations or governments, but small-to-medium sized business can also be targeted as well, sometimes as means to gain access to a larger organization further up on a supply chain. The ultimate goal of APTs is stealing information over a long period of time. APT cyberattacks gain ongoing access to a system through these five stages:
- Access. Cyberattackers may gain access to a system through malware that they insert via a network, application vulnerability, infected file, or phishing email.
- Installation. Cyberattackers install malware that establish a network of backdoors and tunnels where they can move throughout a system, evading detection. The malware often employs features such as code-rewriting to cover up the tracks of the cyberattackers.
- Depth. Cyberattackers use methods such as password cracking, using trial-and-error methods to work through all possible combinations until a password is revealed, in order to gain access to administrator privileges so that they can deepen their control over the system.
- Breadth. Cyberattackers leverage the administrator privileges to gain access to more distant parts of the network, such as servers or other secure parts of the network.
- Synthesis. With broad access to the system, cyberattackers are able to form a complete understanding of how the system works and where its vulnerabilities are. Cyberattackers may choose to remain and continue to extract information, or they may retreat once a specific objective has been achieved. If they do retreat, they often leave a back door open.
Protect yourself against APT cyberattacks by: installing a firewall, enabling web application firewall, installing antivirus software, implementing intrusion protection systems, creating a sandboxing environment, installing a VPN, enabling email protection, and training employees on cybersecurity best practices.
1 NIST, 2021, “Computer Security Resource Center: Glossary”