Introduction
An advanced persistent threat (APT) is a targeted, sustained attack that gains unauthorized access to information and communication systems in order to exfiltrate private data from government institutions, companies, and industries, with the intent of causing harm. These attacks pose an imminent menace because they are challenging to spot at early stages: the attackers employ diverse techniques to remain undetected and to withdraw efficiently once recognized. The intruder's infiltration of governmental and large firms' networks results in severe damage, including the theft of intellectual property, the collapse of indispensable services, and harm to core infrastructure. An example of an APT is Stuxnet, used by the cyber-forces of Israel and the US in the 2010s to subvert the nuclear program in Iran (Alshamrani et al., 2019, p. 1851). Other campaigns associated with substantial losses of intellectual property, private data, and finances include APT10, APT41, and FIN6, which targeted telecom, engineering, and aerospace firms in the US, Europe, and Japan. The purpose of this paper is to present the features of APTs, the process of an APT attack, and the methods and techniques deployed by APT attackers to execute their assaults.
Features of APTs
The constituents of the term APT form part of the characteristics of APTs. The word advanced implies that the adversary is acquainted with intrusion tools and techniques and with the development of customized threats. Persistent denotes that the adversary is determined to take orders and pursue a definite target, while threat implies that the adversary is motivated, funded, and organized. The features of an APT are centered on the attacker, the target, the purpose, and the life cycle of the attack (Alshamrani et al., 2019, p. 1852). The attackers are coordinated criminal groups or government actors targeting diplomatic institutions, industries, and other sectors, with the purpose of acquiring confidential information or destroying the targeted victim. The life cycle of the malicious attack aims to retain a consistent presence by using multiple methods. In conclusion, the features of APTs are aligned with the aims and objectives of the attackers.
APT Attack Process
Diverse approaches are used to portray an APT, as attacks are explicitly customized per victim and every APT campaign is performed differently. However, the initial step is the creation of a point for gaining network access (Alshamrani et al., 2019, p. 1854). To sustain access, the tailored malware creates a communication path that permits the attackers to inject malicious code repeatedly. The added worm passes stealthily through the system, identifying other susceptible hosts along the pathway that are vulnerable to infection. Additionally, the malware replicates itself to remain dominant within the system structure. Notably, the APT botnet can establish further outbound links, allowing the attackers to obtain extensive data. Therefore, the process of an APT attack can be said to comprise initial surveillance, preliminary compromise, foothold establishment, privilege escalation, internal reconnaissance, lateral propagation, persistence maintenance, and mission accomplishment.
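The communication path described above is one of the few parts of an APT campaign a defender can see from the network edge: an implant that keeps a channel open tends to reconnect to the same destination at near-constant intervals. The following Python script is an added example, not code from the paper or from Alshamrani et al., and its log format, hosts and addresses are all constructed; it parses a few sample outbound-connection records and flags source/destination pairs whose inter-connection timing is too regular, a simple beaconing check that supports the early detection the paper calls for.

```python
"""Added example (not from the paper): flag hosts whose outbound connections to one
destination recur at near-constant intervals, the beaconing pattern typical of the
persistent command-and-control path an APT implant keeps open.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy/firewall log lines in an assumed format:
#   "<ISO timestamp> <source host> -> <destination>:<port>"
# 10.0.0.5 contacts 203.0.113.7:443 every ~5 minutes (beacon-like);
# 10.0.0.9 contacts 198.51.100.20:80 at irregular, human-like times.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:00:12 10.0.0.5 -> 198.51.100.20:443
2024-05-01T10:05:01 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:07:44 10.0.0.9 -> 198.51.100.20:80
2024-05-01T10:10:00 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:14:59 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:20:02 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:25:00 10.0.0.5 -> 203.0.113.7:443
2024-05-01T10:31:17 10.0.0.9 -> 198.51.100.20:80
2024-05-01T10:52:03 10.0.0.9 -> 198.51.100.20:80
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    events = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue  # skip malformed records rather than failing the whole run
        ts = datetime.fromisoformat(parts[0])
        events[(parts[1], parts[3])].append(ts)
    for stamps in events.values():
        stamps.sort()
    return events


def find_beacons(text, min_events=5, max_jitter=0.1):
    """Return pairs whose connection intervals vary by at most max_jitter
    (coefficient of variation = stdev / mean) over at least min_events events."""
    findings = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings.append({"src": src, "dst": dst,
                             "events": len(stamps),
                             "mean_interval": avg, "jitter": jitter})
    return sorted(findings, key=lambda f: f["jitter"])


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}: {f['events']} connections, "
              f"every {f['mean_interval']:.0f}s, jitter {f['jitter']:.3f}")
```

On the constructed log only the 10.0.0.5 to 203.0.113.7:443 pair is reported (mean interval 300 s, jitter below 0.01); the irregular browsing from 10.0.0.9 is ignored. In practice the thresholds need tuning per environment, since legitimate agents such as update checkers also beacon, so a hit is a lead for analyst review rather than a verdict.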
Techniques and Methods of ATP Attacks Execution
The execution of APT attacks employs diverse methods and techniques depending on the targeted subject. First, social engineering applies when people with access rights are manipulated into divulging them, enabling a persuasive and controlled attack on the systems. Second, the spear-phishing technique focuses on collecting user credentials, financial data, and other private information from specifically targeted organizations. Third is the watering hole technique, in which the attacker selects victims based on their particular interests (Alshamrani et al., 2019, p. 1856). Last but not least, drive-by download involves the accidental download and execution of malicious software when a user visits a malicious website, without the user's knowledge.
Conclusion
In conclusion, advanced persistent threats are complex attacks that are tailored to a specific target. It has been shown that the actors who deploy diverse methods to carry out these assaults fall into two categories, private and government attackers. Therefore, firms are encouraged to employ appropriate machine learning applications and approaches as part of their cybersecurity measures for the early detection and curbing of APTs.
Reference List
Alshamrani, A. et al. (2019) ‘A survey on advanced persistent threats: techniques, solutions, challenges, and research opportunities.’ IEEE Communications Surveys & Tutorials, 21(2), pp. 1851-1877.