An advanced persistent threat (APT) attack is a little like a bed bug infestation: If you have one, you can sanitize everything and put protective measures in place, but there's a good chance they'll be back. New APT cases crop up monthly these days. What can we learn from them, and how can we protect ourselves?
Advanced persistent threats could be a misnomer, argues Ron Gula, co-founder and CEO at Tenable Network Security, a Columbia, Md.-based provider of network monitoring. “When APT was first brought out, I pooh-poohed it,” he says. “I said it was no different than The Cuckoo's Egg.” In that book, Cliff Stoll, an astronomer turned systems manager at Lawrence Berkeley National Laboratory, tracked a hacker who penetrated the lab's system via a telephone modem connection in 1986.
Intelligent, persistent intruders have been lodging themselves in victims' networks for years, experts acknowledge. These days, though, their motives are more focused. They are after the target's data – which they can use for political or financial gain – and their techniques are methodical.
They move from reconnaissance (looking for weaknesses) through initial compromise, establishing a foothold, and then privilege escalation. They move laterally through the network, gaining access to more systems, and establish backdoors to ensure that they can get back in later on. At various points along this process, they will steal data from under the administrator's nose.
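The progression just described is what a defender can look for: no single event is decisive, but one host exhibiting several lifecycle stages in the expected order is. The following is an added example (not from the article or from Tenable) that correlates constructed log events per host into those stages; the event-type names and the sample events are hypothetical.

```python
from collections import defaultdict

# Intrusion stages in the order the article describes them.
STAGES = ["recon", "initial_compromise", "foothold", "privilege_escalation",
          "lateral_movement", "backdoor", "exfiltration"]

# Hypothetical event types (constructed for this example) mapped to a stage.
EVENT_TO_STAGE = {
    "port_scan": "recon",
    "phishing_attachment_opened": "initial_compromise",
    "new_scheduled_task": "foothold",
    "admin_group_change": "privilege_escalation",
    "remote_logon_new_host": "lateral_movement",
    "new_listening_service": "backdoor",
    "large_outbound_transfer": "exfiltration",
}

# Constructed sample events: (timestamp, host, event type).
SAMPLE_EVENTS = [
    (100, "ws-17", "phishing_attachment_opened"),
    (160, "ws-03", "port_scan"),             # a lone scan, e.g. the vuln scanner
    (220, "ws-17", "new_scheduled_task"),
    (300, "ws-17", "admin_group_change"),
    (410, "ws-17", "remote_logon_new_host"),
    (415, "fs-02", "remote_logon_new_host"),
    (900, "fs-02", "large_outbound_transfer"),
]

def stage_chains(events):
    """Per host, the distinct stages in order of first appearance."""
    chains = defaultdict(list)
    for _, host, etype in sorted(events):
        stage = EVENT_TO_STAGE.get(etype)
        if stage and stage not in chains[host]:
            chains[host].append(stage)
    return dict(chains)

def is_progression(chain):
    """True if the stages appeared in the order the lifecycle predicts."""
    idx = [STAGES.index(s) for s in chain]
    return all(a < b for a, b in zip(idx, idx[1:]))

def alert_hosts(events, min_stages=3):
    """Hosts showing at least min_stages lifecycle stages in the expected order."""
    return sorted(h for h, c in stage_chains(events).items()
                  if len(c) >= min_stages and is_progression(c))

if __name__ == "__main__":
    for host, chain in stage_chains(SAMPLE_EVENTS).items():
        print(host, "->", " > ".join(chain))
    print("alert:", alert_hosts(SAMPLE_EVENTS))
```

Lowering `min_stages` to 2 also surfaces the file server, which only shows the lateral-movement and exfiltration stages on its own; real deployments would correlate across hosts as well, since the intruder's chain spans several of them.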