Advanced persistent threats (APTs) are serious cyberattacks that can wreak havoc on your computer network, stealing valuable data and destroying data or hardware in the process.
These attacks typically come from nation states, but they’re not limited to governments: any hacker group with enough time and resources can use APT techniques to infiltrate your network, steal your secrets, and cause mayhem before you even know what’s going on.
Here’s a brief overview of what APTs are, how they work, and why you need to take extra security precautions.
To understand what advanced persistent threats are, it helps to look at their components.
First, they’re a threat – that is, a type of malicious activity (defined below).
Second, they’re advanced – that is, more complex and effective than run-of-the-mill malware attacks.
Third, they’re persistent – that is, these threat actors typically have access to networks for longer periods of time than most other attackers. And finally, all three elements together make up an APT attack.
Although advanced persistent threats have existed for decades, their use has evolved over time.
In 2011, Iranian attackers compromised computer systems of a small dam outside of New York City in a case of water-intrusion terrorism. From 2012 to 2014, North Korea’s cyber-warfare group – known as Bureau 121 – carried out several high-profile attacks against South Korean media outlets and banks to raise funds for Kim Jong Un’s regime.
More recently, from late 2015 through early 2016, a Russian hacking group known as APT28 targeted political groups ahead of America’s presidential election. According to security researchers at FireEye (Mandiant), targets included Hillary Clinton's presidential campaign, members of Congress and their staffers, think tanks associated with American policy makers and European governments including Germany, France and Poland.
The FBI blamed APT28 for hacking into Democratic National Committee computers; WikiLeaks released thousands of emails related to Clinton during her campaign. An earlier hack targeting Clinton allies was also thought to be tied to Russia by U.S intelligence officials; they said Russian hackers were responsible for leaking emails stolen from DNC officials during Clinton's primary race against Bernie Sanders.
All told, more than 1 billion records had been exposed worldwide in 2017 due to network breaches involving malicious software or vulnerable servers.
There are two main components to APTs. One, they tend to be more advanced than regular malware attacks and two, they typically persist on a system for days or weeks.
There are several reasons why these types of attacks are particularly dangerous. For one, they can stay on your computer or network undetected for long periods of time. Over that length of time, an attacker has a lot of time to extract information from your system or take control of other systems within your network.
Many large organizations have been compromised by APTs over a period as long as six months without even realizing it was happening until it was too late.
There are some telltale signs of a cyber attack to look out for, which you can use to stay one step ahead of advanced persistent threats.
Here are some tips on how to detect and deflect APT attacks. More importantly, here’s what we as cybersecurity experts recommend businesses do to mitigate them:
Promptly patch any software that has a bug or zero-day issue—since attackers target vulnerabilities in popular systems like Microsoft Windows and Apple’s OS X or mobile operating systems (think Android), it's important to always keep your systems up-to-date with security patches from these companies.
Educate employees on phishing emails, so they don't open suspicious emails which could lead to malware infections. Educate employees on social engineering attacks. There are several threats out there designed specifically for targeting businesses via their human capital, since people tend to be more trusting of other humans than machines when it comes to sensitive data breaches and transactions, according to Aberdeen Group .
Upgrade firewalls regularly so you have state-of-the-art protection against cyberattacks; as time goes by, hackers' tactics evolve, so make sure you have state-of-the-art defenses protecting your company against attacks over time.
You respond to APT attacks very differently than you respond to other types of threats. Remember, in other situations, it’s easy to see what’s happening.
You notice a suspicious email, a new device trying to connect to your network or someone else complaining that they were just hacked. But with APTs, it’s much harder because there are no out-of-the-ordinary events or symptoms.
In fact, if you’re getting attacked by an APT group, then everything will look just like business as usual. So how do you protect yourself against something that doesn’t even have any symptoms? That's why it's vital to use both detection and prevention methods when protecting against APTs; and prevention should be thought of as your first line of defense against attacks.
The key thing to remember with APTs, or any type of advanced attack, is that they are only successful because they exploit a vulnerability in your organization that you’re not aware of. To prevent attacks like these in the future, there are a few steps you can take.
First and foremost, you need to ensure that security controls and processes are in place before you have been attacked.
Second, conduct periodic risk assessments so new vulnerabilities will be easier to discover and fix. Third, run security drills so your IT team knows how to respond when something does happen—and make sure they are allowed (and encouraged) to actually follow through on those response procedures if it’s called for.
And finally, don’t panic!
