Advanced Persistent Threats...Friday Morning Cyberamblings
This form of threat typically utilizes a plethora of techniques to gain initial access to a network. Bad actors may use the internet to deliver malware and gain access, carry out physical malware infection, or even use external exploitation to get into even the most fiercely guarded networks.
The modus operandi of these attacks is different from that of traditional threats, such as viruses and malware, which behave the same way consistently and are often redefined for attacking different targets or enterprises. Advanced persistent threats do not use a broad, generic approach; instead, they are methodically planned and designed with the objective of attacking a specific company or organization. They are typically highly customized and sophisticated, with the capability to work around the security measures already in place within the target.
A well-used ploy is to use trusted connections to gain initial access. Attackers may use business partners’ or employees’ credentials, obtained through phishing attacks or other malicious means. This assists attackers in the key goal of staying under the radar so they can remain undetected long enough to map the organization’s systems and data and devise a strategic plan of attack to harvest company data.
Malware is a critical ingredient in the success of an advanced persistent threat. Once the network is breached, bad actors are able to install malware that can navigate the network from system to system, hide from certain detection systems, monitor network activity, and obtain data. The ease with which attackers are able to control an advanced persistent threat remotely is also crucial, enabling cyber-perpetrators to explore the organization’s network end-to-end, gain access to the desired information, identify critical data, and initiate the exfiltration and exploitation of data.
Happy Weekend Y’all and stay Safe, Hearty and Happy
Richard