What Are Advanced Persistent Threats?

Comodo has New Paradigm in Data Security

Uploaded by: pcsafe

➲ An Advanced Persistent Threat, APT for short, is an attack against a network that creates unauthorized access to the network and goes unidentified for a prolonged time. Command and control is maintained continuously from an external system to monitor and take information from the targeted organization's network.

Purpose of Advanced Persistent Threats

➲ The main purpose of an Advanced Persistent Threat is to steal sensitive information from the organization.

➲ It does not cause any destruction to the organization's network.

➲ Advanced Persistent Threats are mainly created by attackers to target companies and businesses in various sectors that hold information in high demand. This information can relate to national affairs, financial industries, and more.

APT & Cyber Attack

➲ Advanced Persistent Threats are most commonly developed for the purpose of cyber attacks.

➲ This is done to gain access to critical information by combining a range of intelligent techniques in internet-based espionage. They target the victim through threat vectors that can include infected media, a compromised supply chain, and social engineering. Such persistent attacks are carried out by inserting a piece of malicious code tailored to infect the victim's system, which then stays there for a long time without being detected by the user.

Risk against financial information

➲ Advanced Persistent Threats are developed to put the financial information of a targeted organization at risk and to bring down the reputation of the company, residing undetected for a prolonged time through the following persistent process.

Advanced Persistent Threats target specific organizations for a single purpose

➲ These threats create a secure position in the environment through phishing emails or other means of cyber attack.

➲ They compromise the systems of targeted organizations, using them as a medium to access all the sensitive information on the targeted network.

➲ They use the infected systems to deploy malicious applications that reside there to pursue the objective of the attack.

➲ APTs conduct a series of attacks against users by different means and modes, not allowing the victim to identify their presence in the system.

Life Cycle of APT (Advanced Persistent Threats)

➲ Initial Compromise
➲ Take Over of Privileges
➲ Internal Research
➲ Expansion of Control
➲ Maintain Presence
➲ End of Mission

➲ Initial Compromise: The attacker enters the targeted system through zero-day viruses, spear phishing, unknown files, or by infecting websites that the victim visits often, and through a range of other malicious means.

➲ Establish Secure Space: The attacker finds a secure place to implant a remote administration application in the targeted network, which paves the way to access the victim's infrastructure.

➲ Take Over of Privileges: They generate malicious programs and software to remotely crack passwords and secret codes in order to get administrator privileges over the victim's system, extending them to the accounts connected to the Windows domain administrator.

➲ Internal Research: The malicious program starts to look into all the details of the organization it is targeting. It mainly researches the Windows domain structure, trust relationships, and the infrastructure that the organization is connected to.

➲ Expansion of Control: The attacker extends control over other workstations, servers, and other components of the infrastructure to steal data from them.

➲ Maintain Presence: Persistent control of and access to the credentials of the infrastructure.

➲ End of Mission: Withdraw the stolen information from the targeted organization's network.

For more details: http://containment.comodo.com/