Advanced Persistent Threat (APT)

Advanced_persistent_threat_lifecycle - Secret Double Octopus

Advanced persistent threat (APT) is a general term that refers to sophisticated and persistent efforts to breach a computing device or network. The attack is often targeted at a specific resource or user, and perpetrated by very capable and well-funded attackers (e.g. government organizations). APT attacks can employ various attack tools and techniques that exploit known or zero-day vulnerabilities, including infected media, supply chain compromise, and social engineering. The purpose of these attacks is typically to place custom malicious code on one or more computers for specific tasks, and to remain undetected for the longest possible period.

Frequently Asked Questions
What are the characteristics of advanced persistent threats?

Advanced persistent threat attacks are often targeted at a specific resource or users and perpetrated by very capable and well-funded attackers like government organizations. APT attacks can employ various attack tools and techniques, including infected media, supply chain compromise, and social engineering. The purpose of these attacks is to place custom malicious code on one or multiple computers for specific tasks and to remain undetected for the longest possible period. APT attacks can involve the use of zero-day exploits as a means of delivering malicious software to a target system.

What is Application Threat Modeling?

Application Threat modelling is the process of identifying, understanding and communicating potential threats to an application. Threat modelling is done typically during the design phase of an application to ensure adequate protection measures are designed into the application and implemented.

What does zero day exploit mean?

Zero-day exploit is a piece of software, data, or a sequence of commands that takes advantage of a zero-day vulnerability to cause a host to execute unintended or unanticipated behavior. A zero-day vulnerability is a computer-software vulnerability that is known only to the attacker and not the defender.

What is STRIDE threat model?

STRIDE is a threat model proposed for identifying computer security threats. It proposes six categories of threats that need to be considered when reasoning about a systems security. The six categories are (i) spoofing of user identity, (ii) tampering, (iii) repudiation, (iv) information disclosure (privacy breach or data leak), (v) denial of service (DOS), and (vi) elevation of privilege.

STRIDE was proposed by Praerit Garg and Loren Kohnfelder while at Microsoft.

What is repudiation threat?

A repudiation threat, one of the 6 threat categories identified by the STRIDE threat model, is when a user can perform an action on a system, while preserving the ability to deny doing it. It is widely accepted that systems need to be designed so all actions are properly attributed and there is no option for repudiation.

What is a known example of an APT attack?

Notable APT attacks include the Stuxnet Worm (2010), and Deep Panda (2015).

Stuxnet was considered at the time to be one of the most sophisticated pieces of Malware ever detected. It was used to sabotage the Iranian nuclear program by causing centrifuges used to enrich nuclear fuel to malfunction. Unlike attacks that preceded it, Stuxnet targeted systems that are traditionally not connected to the internet for security reasons, by infecting target hosts via USB keys and then propagating across the network to the target centrifuges.

Deep Panda is an attack that targeted the US Government’s Office of Personnel Management, and compromised over 4 million US personnel records. The attack is attributed to Chinese actors working on behave of the government.

What is advanced threat protection?

Advanced threat protection (ATP) refers to a category of security solutions that claim to defend against APT attacks. Today most traditional anti-virus solutions are claiming advance threat protection capabilities, and rebranding themselves as ATP vendors.