The Advanced Persistent Threat:
THE ANATOMY OF AN ATTACK
Featuring commentary from Dr. Doug White of Roger Williams University
Not too long ago, it seemed that almost everybody knew how they should
secure their IT infrastructure based on fairly well-defined market standards.
However, today’s organizations need to be prepared for an increasing number
of attacks on their networks and IT infrastructure, as technology assaults have
been rising in both frequency and severity over the years.

As a result, many organizations are changing their approach to network
security. With new threats constantly emerging, organizations must be aware
of what is happening on a daily basis. In this piece, we will examine the
anatomy of an Advanced Persistent Threat attack as an example of one of the
more ominous threats to your critical technology assets.

The Advanced Persistent Threat

An Advanced Persistent Threat (APT) is a continuous network attack targeting
key users within an organization in which an unauthorized party gains access,
and often remains undetected for a long period of time. Once a network has
been infiltrated in an APT, DNS servers are used to contact remote command
centers and download instructions.

The intent behind this type of attack is often to steal highly sensitive data
such as trade secrets, financial information, intellectual property, state
and military documents, source code, and any other valuable material rather
than to cause damage to the network, and it therefore represents a serious
threat to an organization’s financial health and reputation — and even a
nation’s security.

Attackers use APTs because they can overcome traditional modes of protection;
it is a type of attack that is designed to spread, transform and ultimately
hide within the IT infrastructure. The defensive tools and procedures put in
place to handle more common security threats are often ineffective because
the agents of a targeted APT attack require a high degree of stealth over
long periods of time and are focused on a specific target. As such, they are
able to customize and adapt their tactics and techniques to evade standard
security controls and incident response practices to avoid detection.

The primary targets of an APT attack are typically organizations with a large
amount of sensitive information. Recent data suggests that APT attacks are
expected to spread into many industries, including healthcare,
education/universities, government, and IT, but in reality every organization
could be a potential target for APTs.

CURRENT 2015-2016
Stronger Together