An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data.

The targets of these assaults, which are very carefully chosen and researched, typically include large enterprises or governmental networks. The consequences of such intrusions are vast, and include:

- Intellectual property theft (e.g., trade secrets or patents)
- Compromised sensitive information (e.g., employee and user private data)
- The sabotaging of critical organizational infrastructures (e.g., database deletion)

Executing an APT assault requires more resources than a standard web application attack. The perpetrators are usually teams of experienced cybercriminals having substantial financial backing. Some APT attacks are government-funded and used as cyber warfare weapons.

APT attacks differ from traditional web application threats, in that:

- They're not hit-and-run attacks: once a network is infiltrated, the perpetrator remains in order to attain as much information as possible.
- They're manually executed (not automated) against a specific mark, rather than indiscriminately launched against a large pool of targets.
- They often aim to infiltrate an entire network, as opposed to one specific part.

More common attacks, such as remote file inclusion (RFI), SQL injection and cross-site scripting (XSS), are frequently used by perpetrators to establish a foothold in a targeted network. Next, Trojans and backdoor shells are often used to expand that foothold and create a persistent presence within the targeted perimeter.

Advanced persistent threat (APT) progression

A successful APT attack can be broken down into three stages: 1) network infiltration, 2) the expansion of the attacker's presence and 3) the extraction of amassed data, all without being detected.

Stage 1 – Infiltration

Enterprises are typically infiltrated through the compromising of one of three attack surfaces: web assets, network resources or authorized human users. This is achieved either through malicious uploads (e.g., RFI, SQL injection) or social engineering attacks (e.g., spear phishing), threats faced by large organizations on a regular basis.

Additionally, infiltrators may simultaneously execute a DDoS attack against their target. This serves both as a smoke screen to distract network personnel and as a means of weakening a security perimeter, making it easier to breach.

Once initial access has been achieved, attackers quickly install a backdoor shell: malware that grants network access and allows for remote, stealth operations. Backdoors can also come in the form of Trojans masked as legitimate pieces of software.

Stage 2 – Expansion

After the foothold is established, attackers move to broaden their presence within the network. This involves moving up an organization's hierarchy, compromising staff members with access to the most sensitive data. In doing so, they're able to gather critical business information, including product line information, employee data and financial records.

Depending on the ultimate attack goal, the accumulated data can be sold to a competing enterprise, altered to sabotage a company's product line or used to take down an entire organization. If sabotage is the motive, this phase is used to subtly gain control of multiple critical functions and manipulate them in a specific sequence to cause maximum damage. For example, attackers could delete entire databases within a company and then disrupt network communications in order to prolong the recovery process.

Stage 3 – Extraction

While an APT event is underway, stolen information is typically stored in a secure location inside the network being assaulted. Once enough data has been collected, the thieves need to extract it without being detected. Typically, white noise tactics are used to distract your security team so the information can be moved out. This might take the form of a DDoS attack, again tying up network personnel and/or weakening site defenses to facilitate extraction.
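The extraction stage described in this article, in which a DDoS attack serves as white noise while staged data leaves the network, can be checked for by comparing each internal host's outbound volume during DDoS alert periods with its own normal level. The following is an added example, not part of the original article. The flow records, host addresses, alert window and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (hour, internal_host, bytes_sent_to_external) per hour.
FLOWS = [(h, "10.0.5.20", 40_000_000 + (h % 3) * 5_000_000) for h in range(24)]
FLOWS += [(h, "10.0.9.14", 2_000_000 + (h % 4) * 500_000) for h in range(24)]
# Constructed: a staging host pushes bulk data out while the DDoS is running.
FLOWS += [(14, "10.0.9.14", 900_000_000), (15, "10.0.9.14", 1_200_000_000)]
# Constructed: hours in which DDoS alerts fired, as [start, end) ranges.
DDOS_WINDOWS = [(13, 16)]


def in_window(hour, windows):
    return any(start <= hour < end for start, end in windows)


def egress_during_ddos(flows, windows, factor=10.0, floor=100_000_000):
    """Return (host, hour, bytes, baseline) for egress spikes inside DDoS windows.

    The baseline is each host's median hourly egress outside the windows, so
    traffic sent during the attack cannot raise its own threshold.
    """
    hourly = defaultdict(int)
    for hour, host, nbytes in flows:
        hourly[(host, hour)] += nbytes

    quiet = defaultdict(list)
    for (host, hour), total in hourly.items():
        if not in_window(hour, windows):
            quiet[host].append(total)

    findings = []
    for (host, hour), total in sorted(hourly.items()):
        if not in_window(hour, windows):
            continue
        baseline = median(quiet[host]) if quiet[host] else 0
        # Require a large absolute volume and a large multiple of the host's
        # own norm, so a routinely busy server is not flagged.
        if total >= floor and total > factor * baseline:
            findings.append((host, hour, total, baseline))
    return findings


if __name__ == "__main__":
    for host, hour, total, baseline in egress_during_ddos(FLOWS, DDOS_WINDOWS):
        print(f"{host} hour {hour}: {total:,} B out, baseline {baseline:,} B")
```

On the constructed data only the quiet host 10.0.9.14 is reported, for hours 14 and 15; the busier host 10.0.5.20 stays under the absolute floor and is not flagged.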