Anatomy of Advanced Persistent Threats
If you know how they work, you can learn how to stop them
From cyber criminals who seek personal financial information and intellectual property to state-sponsored cyber attacks designed to steal data and compromise infrastructure, today’s advanced persistent threats (APTs) can sidestep cyber security efforts and cause serious damage to your organization. A skilled and determined cyber criminal can use multiple vectors and entry points to navigate around defenses, breach your network in minutes and evade detection for months. APTs present a challenge for organizational cyber security efforts.
The Six Steps of an APT Attack
To improve your cyber security and successfully prevent, detect, and resolve advanced persistent threats, you need to understand how APTs work:
- The cyber criminal, or threat actor, gains entry through a phishing email, an exposed network service, a malicious file, or an application vulnerability and plants malware inside the organization's network. At this stage the network is considered compromised, but not yet breached: no data has left it.
- The advanced malware probes for additional network access and vulnerabilities or communicates with command-and-control (CnC) servers to receive additional instructions and/or malicious code.
- The malware typically establishes additional points of compromise to ensure that the cyber attack can continue if one point is closed.
- Once the threat actor has reliable network access, they gather target data such as account names and credentials. Stored passwords are normally hashed rather than encrypted; weak or unsalted hashes can be cracked offline, and cached credentials can be harvested from the memory of compromised hosts. With working credentials the threat actor can identify and access the data they are after.
- The malware collects data on a staging server, then exfiltrates the data off the network and under the full control of the threat actor. At this point, the network is considered breached.
- Evidence of the APT attack is removed, but the network remains compromised. The cyber criminal can return at any time to continue the data breach.
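Two of the steps above leave measurable traces in ordinary outbound proxy or firewall logs: command-and-control check-ins (step 2) tend to recur at near-fixed intervals, and exfiltration (step 5) shows up as a host pushing far more bytes out to one external destination than it pulls back. The following is an added example, not code from this page or from FireEye, showing both heuristics run over a handful of constructed log lines (the hosts, domains and thresholds are assumptions chosen for illustration):

```python
"""Beaconing and bulk-exfiltration heuristics over outbound connection logs.

Added example; the log below is constructed for illustration.
Field order per line: ISO timestamp, source IP, destination host, bytes out, bytes in.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List, Tuple

SAMPLE_LOG = """\
# 10.0.0.5 checks in with a C2 host roughly every 60 s (constructed beacon)
2024-03-01T09:00:00 10.0.0.5 cnc.example.invalid 310 640
2024-03-01T09:01:00 10.0.0.5 cnc.example.invalid 305 612
2024-03-01T09:01:58 10.0.0.5 cnc.example.invalid 312 598
2024-03-01T09:03:01 10.0.0.5 cnc.example.invalid 308 655
2024-03-01T09:04:00 10.0.0.5 cnc.example.invalid 311 630
2024-03-01T09:05:01 10.0.0.5 cnc.example.invalid 309 620
# 10.0.0.7 browses a normal site at irregular intervals (constructed benign traffic)
2024-03-01T09:00:10 10.0.0.7 www.example.org 1200 48000
2024-03-01T09:00:45 10.0.0.7 www.example.org 900 52000
2024-03-01T09:05:45 10.0.0.7 www.example.org 1100 30000
2024-03-01T09:05:57 10.0.0.7 www.example.org 800 22000
2024-03-01T09:20:57 10.0.0.7 www.example.org 1300 61000
2024-03-01T09:21:30 10.0.0.7 www.example.org 950 15000
# 10.0.0.9 pushes ~88 MB out to one external host in three uploads (constructed exfiltration)
2024-03-01T10:00:00 10.0.0.9 files.example.invalid 30000000 1200
2024-03-01T10:04:30 10.0.0.9 files.example.invalid 30000000 1100
2024-03-01T10:09:15 10.0.0.9 files.example.invalid 28000000 1300
"""

Pair = Tuple[str, str]


@dataclass(frozen=True)
class Conn:
    ts: datetime
    src: str
    dst: str
    bytes_out: int
    bytes_in: int


def parse_log(text: str) -> List[Conn]:
    """Parse whitespace-separated log lines; blank lines and '#' comments are skipped."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, out, inp = line.split()
        conns.append(Conn(datetime.fromisoformat(ts), src, dst, int(out), int(inp)))
    return conns


def _by_pair(conns: List[Conn]) -> Dict[Pair, List[Conn]]:
    pairs: Dict[Pair, List[Conn]] = defaultdict(list)
    for c in conns:
        pairs[(c.src, c.dst)].append(c)
    return pairs


def find_beacons(conns: List[Conn], min_conns: int = 5, max_cv: float = 0.2) -> Dict[Pair, float]:
    """Flag (src, dst) pairs whose connection gaps are nearly constant.

    The coefficient of variation (stdev / mean) of the inter-arrival times is low for
    timer-driven check-ins even with modest jitter, and high for human-driven browsing.
    Returns the flagged pairs mapped to their mean interval in seconds.
    """
    hits: Dict[Pair, float] = {}
    for pair, cs in _by_pair(conns).items():
        if len(cs) < min_conns:
            continue
        cs.sort(key=lambda c: c.ts)
        gaps = [(b.ts - a.ts).total_seconds() for a, b in zip(cs, cs[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        if pstdev(gaps) / avg <= max_cv:
            hits[pair] = round(avg, 1)
    return hits


def find_exfil(conns: List[Conn], min_bytes: int = 50_000_000, min_ratio: float = 10.0) -> List[Tuple[Pair, int]]:
    """Flag (src, dst) pairs with large, heavily outbound-skewed byte volumes.

    Ordinary web use downloads far more than it uploads; a host sending tens of
    megabytes to one destination while receiving almost nothing back is the
    signature of a staged upload. Returns flagged pairs with total bytes out.
    """
    hits = []
    for pair, cs in _by_pair(conns).items():
        out = sum(c.bytes_out for c in cs)
        inp = sum(c.bytes_in for c in cs)
        if out >= min_bytes and out / max(inp, 1) >= min_ratio:
            hits.append((pair, out))
    return hits


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for (src, dst), interval in find_beacons(records).items():
        print(f"possible beacon: {src} -> {dst} every ~{interval}s")
    for (src, dst), total in find_exfil(records):
        print(f"possible exfiltration: {src} -> {dst} sent {total} bytes")
```

Both thresholds are deliberately coarse: a real deployment would baseline per-host upload volumes and whitelist known software-update and backup destinations, since those also produce regular check-ins and large uploads.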
Traditional perimeter and signature-based controls such as firewalls and antivirus, used on their own, cannot reliably stop an APT attack and leave organizations exposed to data breaches. The Adaptive Defense approach from FireEye is designed to intercept possible APTs at any point in your network, analyze them with the latest available information on threat actors and methodology, and support your security professionals with extensive knowledge of the industry and threat groups they may encounter.
Learn More about Cyber Attacks
- White Paper: Closing Critical IT Security Gaps for More Effective Defense
- White Paper: Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks
- White Paper: Advanced Targeted Attacks
- White Paper: 5 Design Principles of Advanced Malware Protection
- Blog: Defining Advanced Malware is as Difficult as Preventing It
- Advanced Threat Solutions Recommendation Guide
The FireEye Adaptive Defense approach to cyber security delivers technology, expertise, and intelligence in a unified, nimble framework. Adapt your security architecture to prevent today’s cyber attacks and avert their worst effects.