What is an Advanced Persistent Threat?

  • Team Omega
  • April 14, 2012

Recently there has been a lot written about Advanced Persistent Threats, or APTs. After reviewing the definitions offered by industry experts and security organizations, here is the common ground among them, taken one word at a time, for this newer type of threat that is increasingly making the news:

Advanced – the attackers behind the threat draw on the full spectrum of computer intrusion technologies and techniques. They routinely combine multiple targeting methods, tools, and techniques to reach and compromise their target, and then to keep access to it: custom malware, abuse of trusted connections and VPNs, infected USB memory sticks, drive-by downloads, malicious email attachments, and even tampered grey-market network devices. "Advanced" does not mean every component is novel; a well-worn phishing email is still the most common entry point. It means the operators have the skill and resources to escalate to whatever technique the target requires.

Persistent – the attack is conducted through continuous monitoring and interaction with the target in order to achieve defined objectives. It does not mean a barrage of constant retries or a brute-force / denial-of-service style of break-in attempt. In fact, a "low-and-slow" approach is used to keep the operation under the radar of most detection equipment and tools: a compromised host may call home only once an hour or once a day, sending a few hundred bytes each time, so volume-based alerting never fires. The attackers also avoid repeating the network traffic patterns and techniques that intrusion prevention systems and signature-based software commonly detect, and they re-establish access through a second foothold if the first is discovered.
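To make the "low-and-slow" point concrete, here is an added example (not code from the original post) that runs two detection rules over a constructed day of outbound connection records. A classic volume threshold flags the chatty but benign host and misses the implant, while a periodicity check on the gaps between connections to each destination catches the hourly, jittered callback even though it makes only about two dozen connections all day. The IP addresses, the beacon period and the thresholds are all assumptions chosen for the illustration.

```python
"""Spotting a low-and-slow beacon that a volume threshold misses.

Added example; the log below is constructed, not taken from any real
network. Records are (epoch seconds, source IP, destination IP, bytes).
"""
from collections import defaultdict
from statistics import mean, pstdev
import random


def make_sample_log():
    """Constructed 24h of outbound connections: one chatty benign host and
    one host beaconing roughly hourly with +/- 3 minutes of jitter."""
    rng = random.Random(7)  # fixed seed so the example is repeatable
    log = []
    # 10.0.0.5 (assumed benign): a connection every ~37s to three CDN-like hosts
    for base in range(0, 86400, 37):
        dst = rng.choice(["203.0.113.10", "203.0.113.11", "203.0.113.12"])
        log.append((base + rng.randint(0, 30), "10.0.0.5", dst, rng.randint(200, 50000)))
    # 10.0.0.7 (assumed implant): one small callback per hour, jittered period
    t = 120
    while t < 86400:
        log.append((t, "10.0.0.7", "198.51.100.42", rng.randint(300, 400)))
        t += 3600 + rng.randint(-180, 180)
    log.sort()
    return log


def volume_alerts(log, max_per_hour=50):
    """Classic rate rule: flag any source averaging more than max_per_hour
    connections. This is the kind of rule a low-and-slow beacon never trips."""
    counts = defaultdict(int)
    for _, src, _, _ in log:
        counts[src] += 1
    hours = (log[-1][0] - log[0][0]) / 3600
    return sorted(src for src, n in counts.items() if n / hours > max_per_hour)


def beacon_candidates(log, min_events=8, max_cv=0.1):
    """Periodicity rule: for each (src, dst) pair compute the coefficient of
    variation (stdev / mean) of the gaps between connections. Human-driven
    traffic is bursty (CV near or above 1); a scheduled callback with a bit
    of jitter has a nearly constant gap (CV close to 0), however few there are.
    Returns (src, dst, mean gap in seconds, CV) for each pair under max_cv."""
    times = defaultdict(list)
    for ts, src, dst, _ in log:
        times[(src, dst)].append(ts)
    hits = []
    for (src, dst), ts in times.items():
        if len(ts) < min_events:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        cv = pstdev(gaps) / mean(gaps)
        if cv < max_cv:
            hits.append((src, dst, round(mean(gaps)), round(cv, 3)))
    return sorted(hits)


if __name__ == "__main__":
    sample = make_sample_log()
    print("volume rule flags:", volume_alerts(sample))      # the noisy benign host
    print("beacon rule flags:", beacon_candidates(sample))  # the hourly implant
```

The periodicity rule is deliberately simple; in practice you would also whitelist known update and telemetry endpoints, which beacon legitimately, and look at the size of each callback, since implants tend to send near-identical small payloads until they are tasked.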

Threat – there is coordinated human involvement behind the attack, rather than just a mindless, automated piece of code sweeping the internet to see whether anything of value turns up. The operators have specific objectives against a specific target, adapt when they meet resistance, and are skilled, motivated, organized, and well funded enough to pursue those objectives for months or years.