
All about APT (Advanced Persistent Threat)

  • Writer: Tanha Patel
  • Jun 11, 2019
  • 4 min read

Updated: Jun 15, 2019


[Image: APT]

APT is a sophisticated type of cyber-attack in which an intruder, or a team of intruders, gains unauthorized access to our system (network). They remain undetected for long periods, sometimes for many years. They do not harm or damage our system at all; they are data thieves who steal the system's data, so the only result is a data breach. They do not keep an eye on everyone or anyone; instead they have specific targets, such as government networks and military organizations. They target organizations that possess confidential and secret information.


The intruder's toolkit is all about viruses, Trojans, bugs, etc. They mainly use phishing, malware attacks and spam mails. They are basically hackers who hack targeted systems around the world.


[Image: Data Breach]

Characteristics:

  • Intellectual and skilled

  • Fixed objectives (targets)

  • Patience

  • Focused




Techniques Used:

Spear phishing emails and social engineering: typically fake messages through which harmful malware gets installed on our systems.


Viruses and bugs infect our system. They are malicious programs and code, specially developed to ruin or alter the working of systems.


Trojan horses are of three kinds, but for APT attacks backdoor Trojans are used. They allow third parties to access our system unnoticed and to download more malware to our systems.


Zero-day exploitation is used. The name refers to the defender having zero days to deal with the problem. The hackers install all the basic and necessary malware at the time they have chosen, which gives the system no chance to release a security patch before the hackers exploit it.


How APT works:

First they try to enter our system, mainly through social engineering and spear phishing. They create websites resembling those most likely to be visited by employees of the targeted companies (organizations); such websites are laced with bugs, so when someone opens a corrupted website the hackers gain easy access to the targeted systems. Otherwise they send spear phishing emails.


Once they have access to the system they try to establish a foothold. They install some kind of backdoor Trojan, which helps them move unnoticed through the system, and they gain access to credentials (crack passwords) so that even if someone changes a password they can still access the devices.


Now that they have access to the systems, they start encrypting and bundling data for easy exfiltration, and then expand their reach laterally towards administrator access.


After collecting all the necessary information, as their task nears completion, they harvest the data and transfer it to their own systems. Their motive is only to steal data, not to damage the system, but after the data breach is complete the Trojans remain in our system, through which they can access it again in the future if needed.


[Image: Detection of intruders]

Detection:

  • Increased late-night activity

  • Changes in data flow

  • Odd network behavior

  • Increased log-ons

  • Unnecessary creation of data bundles

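As an added example, not code from the original post, the following Python script checks constructed log lines for two of the detection signs listed above: bursts of off-hours log-ons and an unusually large outbound data flow from one host. The log format, business hours and thresholds are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the original post), one event per line:
# "timestamp,user,host,event,bytes_out"
SAMPLE_LOG = """\
2019-06-10T09:12:03,alice,ws-01,logon,0
2019-06-10T09:30:11,alice,ws-01,transfer,120000
2019-06-10T10:02:45,bob,ws-02,logon,0
2019-06-10T17:15:00,bob,ws-02,transfer,90000
2019-06-11T02:14:09,svc-backup,ws-02,logon,0
2019-06-11T02:20:33,svc-backup,ws-02,logon,0
2019-06-11T02:25:41,svc-backup,ws-02,logon,0
2019-06-11T02:31:58,svc-backup,ws-02,logon,0
2019-06-11T03:05:12,svc-backup,ws-02,transfer,48000000
"""

WORK_START, WORK_END = 7, 20    # assumed business hours (24h clock)
LOGON_THRESHOLD = 3             # off-hours log-ons per account per day
BYTES_THRESHOLD = 10_000_000    # outbound bytes per host per day

def parse(log_text):
    """Turn the CSV-style lines into (time, user, host, event, bytes) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, user, host, event, nbytes = line.split(",")
        events.append((datetime.fromisoformat(ts), user, host, event, int(nbytes)))
    return events

def find_indicators(events):
    """Return alert strings for off-hours log-on bursts and large outbound flows."""
    night_logons = defaultdict(int)   # (day, user) -> off-hours log-on count
    out_bytes = defaultdict(int)      # (day, host) -> bytes sent out
    for ts, user, host, event, nbytes in events:
        day = ts.date().isoformat()
        off_hours = not (WORK_START <= ts.hour < WORK_END)
        if event == "logon" and off_hours:
            night_logons[(day, user)] += 1
        elif event == "transfer":
            out_bytes[(day, host)] += nbytes
    alerts = []
    for (day, user), n in night_logons.items():
        if n >= LOGON_THRESHOLD:
            alerts.append(f"{day}: {n} off-hours logons by {user}")
    for (day, host), b in out_bytes.items():
        if b >= BYTES_THRESHOLD:
            alerts.append(f"{day}: {b} bytes left {host}")
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_indicators(parse(SAMPLE_LOG)):
        print(alert)
```

Both alerts fall on the same night and the same host, which is the kind of correlation a monitoring team would escalate rather than treat as two separate events.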

Prevention:

  • Network monitoring

  • User behavior analytics

  • Deception technology

  • Install a firewall/antivirus

  • Install VPN

  • Traffic monitoring

  • Enable email protection

  • Deploy anti-virus software

  • Create a sandboxing environment

  • Application and domain whitelisting


APT Solutions:

APT attacks are increasing day by day, so many vendors provide security against such attacks and help keep our systems safe. Below are the names of some vendors that help detect and prevent APT attacks:


[Image: Solution for APT]

  • Barracuda

  • Cisco

  • Fidelis

  • FireEye

  • Forcepoint

  • Kaspersky

  • McAfee

  • Red Canary

  • Symantec

  • Sophos

  • Trend Micro

  • Webroot


Victims:

Most victims are commercial organizations and the defense industrial base. APT targets organizations that are closely connected to the military (defense) and to the general public. They target multinational companies for competitive purposes.


[Image: Percentage of victims]

Some examples:

  1. Moonlight Maze: In 1999, an APT attack was detected for the very first time. It was arranged by Russia; the victim was the U.S. The attack was carried out to collect information on new military technologies emerging in the U.S. The technology used was a specific backdoor code called LOKI2.

  2. Titan Rain: In 2003, the U.S. again became the victim of such a threat, but this time the attackers were located in China. Military, NASA and FBI systems were hacked. Zero-day vulnerability techniques were used, and the Google browser was also hacked in order to monitor the websites used.

  3. Sykipot: In 2006, government agencies, defense contractors and telecommunication companies belonging to the U.S. and U.K. became victims. Spear phishing emails and zero-day exploits were used.

  4. GhostNet: In 2009, China attacked government ministries and embassies from around 100 different companies. Computers were converted into listening and recording devices using audio recorders.

  5. Fighter-Jet Project Breach: In 2009, unknown computer spies located in China attacked military industrial bases to steal information about electronics and internal maintenance based in the U.S. Fortunately, the most sensitive and important data of the multi-billion-dollar project had been kept offline to protect it.

  6. Stuxnet Worm: In 2010, Iran became the victim of an APT attack in which the infected sectors were Iranian industrial infrastructure and SCADA (Supervisory Control And Data Acquisition) systems. The attackers used worms to exploit systems that were not connected to the internet for security reasons; infected USB keys were used, and Programmable Logic Controllers (PLC) were also used.

  7. Operation Aurora: In 2010, China hacked around 20 international companies including Google, Yahoo, Facebook and Adobe Systems. A combination of stealth programming and encryption techniques was used to create vulnerabilities in browsers.

  8. Night Dragon: In 2011, China attacked European and American companies, including Royal Dutch Shell, Baker Hughes, etc. The Chinese hackers used a wide range of unsophisticated hacking tools and other techniques.

  9. Deep Panda: In 2015, the United States Office of Personnel Management was targeted by China. Spear phishing attachments were forwarded to employees.

  10. APT33: More recently, in 2017, Iran targeted the U.S., Saudi Arabia and South Korea; domain masquerading was used, along with spear phishing emails.

[Image: APT]

Many APT attacks like these have taken place all over the world; this is just an overview of them. Such threats are cyber espionage, which leads to cyberwar. Cyber attacks that steal classified or sensitive data or intellectual property to gain an advantage over a competing company or government entity are called cyber espionage. So we should be aware of it and look after our security.

