Advanced Persistent Threat (APT)
The world of cybercrime is divided into tiers and levels much like the world of real-world crime. Just as there are pickpockets and shoplifters at one end of the scale and global terrorists at the other, there are run-of-the-mill cybercriminals who engage in small, ham-handed criminal acts, and there are global powerhouses. Just as crime syndicates join forces to commit larger or global-scale crimes, there are also cybercriminal organizations capable of wreaking massive-scale havoc on the largest businesses and government organizations.
Needless to say, the more powerful an organization or government is, the more it has to protect. The more it has to protect, the better its security and the harder cybercriminals work to get at it. Some cyberattacks are brute force attacks that are obvious and easy to spot. Just because you can spot them, however, doesn't make them easy to defend against. Brute force attacks also occur for a range of reasons. In some cases they are merely a distraction from another, more subtle and insidious attack occurring elsewhere; in others they are committed as a kind of digital "smash-and-grab," where the goal is simply to breach the defenses and download whatever can be reached for as long as the gates stay open.
In many cases, cybercriminals don't even know what they are getting their hands on; they just know that the more secure a site is, the more likely it is to contain sensitive, vital or valuable information. In some cases they may end up with a mother lode of valuable information, while in others they may end up with lunch menus or government shopping lists.
Advanced Persistent Threat APT Examples
Unlike brute force attacks, which often depend as much on luck or timing as on anything else, advanced persistent threats are a far greater challenge for those tasked with digital security. An advanced persistent threat is generally a carefully planned and well-executed attack orchestrated by a large organization against another large organizational entity; it can spend months in development and then continue for years.
The best way to think of an advanced persistent threat is to think of the kind of planning and coordination that goes into planting or establishing a sleeper cell of foreign or enemy agents in an organization. Such an endeavor might take months or even years of planning and may not be discovered for years or even decades. Over time, the agents can gain access to sensitive information, financial records and possibly even direct access to the organization's finances.
Just as with a sleeper cell, detecting an advanced persistent threat can be all but impossible. Even if you expose or identify one element, that doesn't mean you can easily eradicate the threat. On the other hand, many advanced persistent threats have a specific aim, goal or target in mind. Just as in real-world operations, most APTs depend on a very detailed sequence of events. Anyone who has watched classic heist movies like Ocean's 11 or The Sting will understand the delicate precision needed to carry out an APT. In most cases, if any one thing goes wrong or one element of the plan is neutralized, the entire plan falls apart.
One of the most famous examples of an APT was carried out by two government entities against another. In 2010, U.S. and Israeli cyber forces developed a plan to slow down Iran's nuclear program. They accomplished this by introducing a specifically engineered virus called Stuxnet into the software that powered the centrifuges used to enrich uranium. Without enriched uranium, the nuclear program became all but defunct. The beauty of Stuxnet was that it was programmed to target the very specific Siemens industrial control systems and CPUs used in particular centrifuges that were, more specifically still, operating in Iran. It was therefore of little value to anyone who did not have the specific aim of crippling a centrifuge operating in Iran. For that one purpose, however, it was deadly.
As happens with many types of crime, however, as the tools and methodologies become more prevalent, smaller and smaller organizations become vulnerable to this type of attack. It is no longer only global entities that have the means to coordinate APTs; smaller and smaller players are now learning from the playbooks of the major players. As major players develop more advanced weaponry, they also pass down their out-of-date weaponry to smaller players, who can put it to use against smaller targets. Just as even small businesses and individuals can now be targeted with ransomware, the day may not be far off when even SMBs are vulnerable to a wide range of APTs.