Cyber Explainer: The Advanced Persistent Threat

A favorite of adversarial nation states, APTs are one of the most data-rich heists that a hacking group can pull off


In this new series, “Cyber Explainer,” Interset breaks down the five most damaging types of threats facing enterprises, then details the five most effective cyberattack methods criminals use to exact them. For this first installment, we look at the rise of the Advanced Persistent Threat.

What It Means
Cyberattacks may feel like sudden events, but they are most dangerous when methodical. That is why nation states and ambitious hacker groups frequently compromise targets using an Advanced Persistent Threat (or APT). Here, an outsider infiltrates a network, frequently through malware, then establishes backdoors that are used for reconnaissance and for staging and extracting data over an extended period. APT attacks are almost always lucrative, aiming to steal valuable intellectual property and other sensitive data. That is why they are becoming more commonplace.

Where You’ve Seen It
Stuxnet, the computer worm which the U.S. and Israel allegedly used to disable an Iranian nuclear facility around 2009, is the most famous APT case. More recently, investigators have chalked up the attack on the U.S. Office of Personnel Management (OPM) in 2015, one of the government’s largest breaches, to an APT planted by a Chinese government-sponsored hacking group. And just a month ago, the Russian “Turla APT” group was reportedly the culprit behind a cyber-espionage campaign that spear-phished officials and journalists attending a G20 task-force meeting.

How to Stop It
APTs are so formidable because they are adept at hiding. Countering this level of sophistication requires cybersecurity with both macro and micro visibility into the behaviors of, and interactions between, entities such as users, files, and networks. A data-hungry analytics solution that centralizes data feeds (including SIEM systems) and uses machine learning to suppress false alerts will be transformative in protecting critical data. It is impossible to prevent every APT attempt, but they can absolutely be caught quickly, before damage is done.
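The entity-behavior idea above, as an added illustration that is not Interset's product or code: a per-user baseline of daily outbound volume is learned from history, and a review day is scored on two signals, an unusual volume (z-score) and a never-before-seen destination. Raising a high-severity alert only when both signals corroborate each other is a simple stand-in for the false-alert suppression the text attributes to machine learning. The log format, the user names, the destinations and every byte count are constructed for this example; 203.0.113.9 is a documentation address, not a real indicator.

```python
"""Toy per-entity behavioural baseline for spotting APT-style data staging.

Constructed example: the record format (day,user,destination,bytes_out) and
all values are invented for illustration, not taken from any real feed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records. Days 08-01..08-05 are the learning window;
# 08-06 is the day under review. 203.0.113.9 is a documentation address.
SAMPLE_LOG = """\
# day,user,destination,bytes_out
2017-08-01,alice,files.corp.example,1000000
2017-08-02,alice,files.corp.example,1100000
2017-08-03,alice,files.corp.example,900000
2017-08-04,alice,files.corp.example,1050000
2017-08-05,alice,files.corp.example,950000
2017-08-06,alice,files.corp.example,800000
2017-08-06,alice,203.0.113.9,4000000
2017-08-01,bob,files.corp.example,500000
2017-08-02,bob,files.corp.example,520000
2017-08-03,bob,files.corp.example,480000
2017-08-04,bob,files.corp.example,510000
2017-08-05,bob,files.corp.example,490000
2017-08-06,bob,files.corp.example,510000
2017-08-06,bob,vendor-portal.example,30000
2017-08-01,carol,files.corp.example,2000000
2017-08-02,carol,files.corp.example,2000000
2017-08-03,carol,files.corp.example,2000000
2017-08-04,carol,files.corp.example,2000000
2017-08-05,carol,files.corp.example,2000000
2017-08-06,carol,files.corp.example,2000000
2017-08-01,dave,files.corp.example,300000
2017-08-02,dave,files.corp.example,300000
2017-08-03,dave,files.corp.example,300000
2017-08-04,dave,files.corp.example,300000
2017-08-05,dave,files.corp.example,300000
2017-08-06,dave,files.corp.example,2000000
"""


def parse_log(text):
    """Parse the constructed CSV-like feed into a list of dict records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        day, user, dest, nbytes = line.split(",")
        records.append({"day": day, "user": user, "dest": dest, "bytes": int(nbytes)})
    return records


def baseline_by_user(records, exclude_day):
    """Per-user (mean, stdev, known destinations) of daily outbound bytes,
    learned from every day except the one being scored."""
    daily = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(set)
    for r in records:
        if r["day"] == exclude_day:
            continue
        daily[r["user"]][r["day"]] += r["bytes"]
        dests[r["user"]].add(r["dest"])
    stats = {}
    for user, days in daily.items():
        vals = list(days.values())
        stats[user] = (float(mean(vals)), float(pstdev(vals)), dests[user])
    return stats


def score_day(records, day, z_threshold=3.0):
    """Score one day against the baseline. Two signals are checked per user:
    an outbound-volume z-score and any destination never seen in the baseline.
    Both signals together -> 'high'; one alone -> 'low'; neither -> no alert."""
    stats = baseline_by_user(records, day)
    totals = defaultdict(int)
    new_dests = defaultdict(set)
    for r in records:
        if r["day"] != day:
            continue
        totals[r["user"]] += r["bytes"]
        known = stats.get(r["user"], (0.0, 0.0, set()))[2]
        if r["dest"] not in known:
            new_dests[r["user"]].add(r["dest"])

    alerts = []
    for user, total in sorted(totals.items()):
        mu, sd, _ = stats.get(user, (0.0, 0.0, set()))
        if sd > 0:
            z = (total - mu) / sd
        else:  # flat history: any increase is unprecedented
            z = float("inf") if total > mu else 0.0
        reasons = []
        if z >= z_threshold:
            reasons.append(f"volume z={z:.1f} (baseline mean {mu:.0f})")
        if new_dests[user]:
            reasons.append("new destination(s): " + ", ".join(sorted(new_dests[user])))
        if not reasons:
            continue
        alerts.append({
            "user": user,
            "total_bytes": total,
            "severity": "high" if len(reasons) == 2 else "low",
            "reasons": reasons,
        })
    return alerts


if __name__ == "__main__":
    for a in score_day(parse_log(SAMPLE_LOG), "2017-08-06"):
        print(a["severity"].upper(), a["user"], a["total_bytes"], "; ".join(a["reasons"]))
```

Run as-is, the review day yields a high-severity alert for alice (a large spike to an unknown host), low-severity entries for bob (new destination, normal volume) and dave (large volume, but to a known host), and nothing for carol. In a real deployment the baseline would draw on far more entity types and feeds than one volume counter, which is the "macro and micro visibility" the text calls for; the corroboration rule is what keeps a single noisy signal from becoming an alert storm.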
