Texture Side Right Grey 04

Anatomy of Advanced Persistent Threats

If you know how they work, you can learn how to stop them

From cyber criminals who seek personal financial information and intellectual property to state-sponsored cyber attacks designed to steal data and compromise infrastructure, today’s advanced persistent threats (APTs) can sidestep cyber security efforts and cause serious damage to your organization. A skilled and determined cyber criminal can use multiple vectors and entry points to navigate around defenses, breach your network in minutes and evade detection for months. APTs present a challenge for organizational cyber security efforts.


The Six Steps of an APT Attack

To improve your cyber security and successfully prevent, detect, and resolve advanced persistent threats, you need to understand how APTs work:

The cyber criminal, or threat actor, gains entry through an email, network, file, or application vulnerability and inserts malware into an organization's network. The network is considered compromised, but not breached.

The advanced malware probes for additional network access and vulnerabilities or communicates with command-and-control (CnC) servers to receive additional instructions and/or malicious code.

The malware typically establishes additional points of compromise to ensure that the cyber attack can continue if one point is closed.

Once a threat actor determines that they have established reliable network access, they gather target data, such as account names and passwords. Even though passwords are often encrypted, encryption can be cracked. Once that happens, the threat actor can identify and access data.

The malware collects data on a staging server, then exfiltrates the data off the network and under the full control of the threat actor. At this point, the network is considered breached.

Evidence of the APT attack is removed, but the network remains compromised. The cyber criminal can return at any time to continue the data breach.

Traditional cyber security measures such as defense-in-depth, firewalls and antivirus cannot protect against an APT attack, and leave organizations vulnerable to data breaches. The Adaptive Defense approach from FireEye is the best strategy to intercept possible APTs at any point in your network, analyze them with the latest available information on threat actors and methodology, and support your security professionals with extensive knowledge of industry and threat groups they may encounter.