Anatomy of a Cyber Attack (APTs)

If you know how they work, you can learn how to stop them

From cyber criminals who seek personal financial information and intellectual property, to state sponsored cyber attacks designed to steal data and compromise infrastructure, today’s advanced persistent threats (APTs) can sidestep cyber security efforts and cause serious damage to your organization. A skilled and determined cyber criminal can use multiple vectors and entry points to navigate around defenses, breach your network in minutes, and evade detection for months. Advanced persistent threats present a challenge for organizational cyber security efforts.


The Six Steps of an Advanced Persistent Threat

To improve your cyber security and successfully prevent, detect, and resolve advanced persistent threats, you need to understand how APTs work:

  1. The cyber criminal, or threat actor, gains entry through an email, network, file, or application vulnerability and inserts malware into an organization's network. The network is considered compromised, but not breached.
  2. The advanced malware probes for additional network access and vulnerabilities, or communicates with command-and-control (CnC) servers to receive additional instructions and/or malicious code.
  3. The malware typically establishes additional points of compromise to ensure that the cyber attack can continue if one point is closed.
  4. Once a threat actor determines that they have established reliable network access, they gather target data, such as account names and passwords. Even though passwords are often encrypted, encryption can be cracked. Once that happens, the threat actor can identify and access data.
  5. The malware collects data on a staging server, and then exfiltrates it off the network, where it is under the full control of the threat actor. At this point, the network is considered breached.
  6. Evidence of the cyber attack is removed, but the network remains compromised. The cyber criminal can return at any time to continue the data breach.
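Steps 2 and 3 leave a trace a defender can look for: several internal hosts contacting the same external server at near-constant intervals. The sketch below is an added example, not FireEye's method or code from this page; the log format, host names, destinations, and thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample (not real traffic); log format and thresholds are assumptions.
SAMPLE_LOG = """\
2024-05-01T09:00:00 ws-014 cdn.example.test
2024-05-01T09:05:02 ws-014 cdn.example.test
2024-05-01T09:10:01 ws-014 cdn.example.test
2024-05-01T09:14:59 ws-014 cdn.example.test
2024-05-01T09:20:00 ws-014 cdn.example.test
2024-05-01T09:01:30 srv-02 cdn.example.test
2024-05-01T09:06:31 srv-02 cdn.example.test
2024-05-01T09:11:29 srv-02 cdn.example.test
2024-05-01T09:16:30 srv-02 cdn.example.test
2024-05-01T09:21:32 srv-02 cdn.example.test
2024-05-01T09:02:10 ws-014 www.example.org
2024-05-01T09:02:45 ws-014 www.example.org
2024-05-01T09:09:20 ws-014 www.example.org
2024-05-01T09:31:05 ws-014 www.example.org
2024-05-01T09:33:40 ws-014 www.example.org
"""

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Map destination -> hosts whose request intervals to it are near-constant."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, host, dest = parts
        times[(host, dest)].append(datetime.fromisoformat(ts))
    beacons = defaultdict(set)
    for (host, dest), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:  # low jitter
            beacons[dest].add(host)
    return {dest: sorted(hosts) for dest, hosts in beacons.items()}

def multi_host_beacons(log_text):
    """Destinations beaconed to by more than one host (step 3: several footholds)."""
    return {d: h for d, h in find_beacons(log_text).items() if len(h) > 1}

if __name__ == "__main__":
    print(multi_host_beacons(SAMPLE_LOG))
```

Legitimate software (update checks, monitoring agents) also polls on a fixed timer, so flagged pairs are leads for triage rather than verdicts. When one destination is shared by several hosts, all of them need to be contained together, since step 3 exists so the attack survives the closing of a single point.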

 

Traditional cyber security measures, such as defense-in-depth, firewalls and antivirus, cannot protect against these advanced persistent threats. They leave organizations vulnerable to data breaches. The Adaptive Defense approach from FireEye is the best strategy to intercept possible APTs at any point in your network, analyze them with the latest available information on threat actors and methodology, and support your security professionals with extensive knowledge of industry and threat groups they may encounter. 


Adaptive Defense

The FireEye Adaptive Defense approach to cyber security delivers technology, expertise, and intelligence in a unified, nimble framework. Adapt your security architecture to prevent today’s cyber attacks and avert their worst effects.