Getting Back to the Real Meaning of “Advanced Persistent Threat”


Upload: david-hunt

Post on 11-Jan-2017



The time has come for the cybersecurity world to remember the true meaning of APTs and understand the level of danger they pose to companies today.

The basic definition of APTs isn’t specific enough. Knowing the steps attackers take when launching an attack and the difference between APTs and targeted attacks is enough to set the story straight.

APTs vs. Targeted Attacks

Targeted Attack, APT or Both?

APTs are often improperly categorized because of their seemingly vague definition.

At its most basic level, an APT is a category of threats where cyber attackers thoroughly and aggressively pursue and compromise a target.

All APTs can be considered targeted attacks.

However, companies run into problems in thinking that all targeted attacks are APTs. It’s simply not true.

What Are the Key Differentiators That Make APTs Unique Attack Vectors?

Customized Tools and Techniques

Unlike widespread and generic targeted attacks, APTs include zero-day exploits, rootkits and other tools that are designed for a specific attack.

The Long Con

APTs attempt to move slowly and stay under the radar for a long time until the mission is finished.

Mainstream cyber attackers often go for “the quick score.” They get in and out as quickly as possible to obtain some valuable data.

High Expectations

APTs are often used to carry out covert state actions, targeting military, political or economic data.

They aren’t perpetrated by a single attacker; rather, groups using APTs can be well staffed and funded, and operate with high levels of intelligence.

One Specific Goal

Organizations executing APTs go into a project with an objective that they relentlessly pursue. These groups know exactly what their goals are, and won’t stop until they’ve been attained.

Understanding What an APT Attack Looks Like

According to Mandiant*, while different attacker groups may modify the APT roadmap, these are the 7 steps attackers go through for an APT attack.

*Data Source: Mandiant - The Advanced Persistent Threat
https://dl.mandiant.com/EE/assets/PDF_MTrends_2010.pdf

1. Initial Compromise

Attackers compromise an individual connected to the target network, often with a spear phishing attack, to begin the malware delivery for an APT attack.

2. Establish a Foothold

A backdoor is implemented to ensure that the threat group is able to access and control at least one computer in the target network.

3. Escalate Privileges

User credentials are compromised in succession to gain increasing authorized access to network resources.


4. Internal Recon

The attackers collect information about the network and learn where the valuable information is stored.

5. Move Laterally

With the newly acquired credentials, attackers can move through the network of computers until they reach their end goal.

6. Maintain Presence in the Network

Whether it’s through additional backdoors or valid PKI and VPN credentials, attackers make sure they have continuous access to the victim network.

7. Complete the Mission

When attackers make their way to the valuable data, they compress it and find a way to remove it from the network undetected.

www.illusivenetworks.com

Success!

You've earned a donut to go with your coffee. Now you understand the steps attackers take when launching an attack and the difference between APTs and targeted attacks.
