What is APT in cyber security?


An Advanced Persistent Threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal sensitive data over a prolonged period of time. APT attacks are carefully planned and designed to infiltrate a specific organization, evade its existing security measures, and stay under the radar. The adversaries are typically well-funded, experienced teams of cybercriminals that target high-value organizations. The goals behind APTs fall into four general categories: cyber espionage, eCrime for financial gain, hacktivism, and nation-state sponsored operations.

To prevent, detect, and resolve an APT, it is important to recognize its characteristics. Most APTs follow the same basic life cycle: infiltrate the network, expand access, and achieve the goal of the attack, which is most commonly stealing data by exfiltrating it from the network. The major danger of APT attacks is that even after one is discovered and the immediate threat appears to be gone, the attackers may still retain access to the system.

To defend against APT activity, organizations can implement fundamental cybersecurity practices, such as the Cyber Performance Goals (CPGs), a baseline of practices that can meaningfully reduce the likelihood and impact of APT activity. Cybersecurity advisories covering APTs are also published regularly. Detecting anomalies in outbound data is perhaps the best way for cybersecurity professionals to determine whether a network has been the target of an APT attack.
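As an added example of the outbound-anomaly detection recommended above (not part of the original text), the script below builds a per-host egress baseline from constructed daily summaries and flags a day whose outbound volume departs sharply from that host's own norm. The host names and byte counts are made up; the robust median/MAD scoring is one common approach, not a specific product's method.

```python
from collections import defaultdict
from statistics import median

# Constructed daily egress summaries: (host, day_index, bytes_out).
# Made-up values for illustration, not real telemetry.
SAMPLE_EGRESS = [
    ("ws-17", 1, 410_000), ("ws-17", 2, 395_000), ("ws-17", 3, 430_000),
    ("ws-17", 4, 402_000), ("ws-17", 5, 418_000), ("ws-17", 6, 399_000),
    ("ws-17", 7, 6_200_000),   # ~15x jump on a workstation: worth a look
    ("db-02", 1, 2_100_000), ("db-02", 2, 2_050_000), ("db-02", 3, 2_200_000),
    ("db-02", 4, 2_150_000), ("db-02", 5, 2_080_000), ("db-02", 6, 2_120_000),
    ("db-02", 7, 2_170_000),   # high volume, but normal for this host
]


def robust_baselines(records, train_days):
    """Per-host median and MAD of bytes_out over the training window.
    Median/MAD are used instead of mean/stdev so that one large day inside
    the training window does not inflate the baseline it is measured against."""
    per_host = defaultdict(list)
    for host, day, bytes_out in records:
        if day <= train_days:
            per_host[host].append(bytes_out)
    baselines = {}
    for host, values in per_host.items():
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0  # avoid divide-by-zero
        baselines[host] = (med, mad)
    return baselines


def flag_egress_anomalies(records, train_days=6, threshold=10.0):
    """Return (host, day, bytes_out, score) for post-training days whose
    robust z-score |x - median| / (1.4826 * MAD) exceeds the threshold.
    A per-host baseline matters: db-02's steady 2 MB/day is not an anomaly,
    while the same volume from ws-17 would be."""
    baselines = robust_baselines(records, train_days)
    alerts = []
    for host, day, bytes_out in records:
        if day <= train_days or host not in baselines:
            continue
        med, mad = baselines[host]
        score = abs(bytes_out - med) / (1.4826 * mad)
        if score > threshold:
            alerts.append((host, day, bytes_out, round(score, 1)))
    return alerts


if __name__ == "__main__":
    for alert in flag_egress_anomalies(SAMPLE_EGRESS):
        print("egress anomaly:", alert)
```

In practice the training window would be weeks rather than six days, and alerts would be enriched with destination, protocol, and time-of-day before an analyst acts on them.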

In summary, APTs are a type of cyberattack that is carefully planned and designed to infiltrate a specific organization, evade its existing security measures, and steal sensitive data over a prolonged period of time. They are executed through coordinated human actions rather than by mindless, automated pieces of code, and are typically carried out by well-funded, experienced teams of cybercriminals that target high-value organizations. To defend against APT activity, organizations can implement fundamental cybersecurity practices, such as the Cyber Performance Goals (CPGs), and follow the cybersecurity advisories that are regularly published on APTs.