What is an Advanced Persistent Threat?

Next story
Olivia Storey

Advanced Persistent Threats (APT): what they are, what they do and how to protect yourself against them?

An advanced persistent threat (APT), is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.

Sadly, cyberattacks are becoming increasingly more complex, meaning companies and organisations need innovative ways of handling the advanced threats.

Ondrej Kubovič, ESET IT Security Awareness Specialist, talks about the increase in complex cyberattacks, specifically looking into Advanced Persistent Threats, how they work and what organisations can do to deal with such attacks.

“For most organisations, complex attacks would fall more into the category of the Advanced Persistent Threats (APT). These are highly sophisticated attacks, performed by skilled and often state-backed black-hat groups with significant financial, technical and human resources.

“Many of the techniques used in APTs are leveraging combinations of zero-day vulnerabilities, weak spots in the targeted systems, like wrong settings, and sometimes even insecurity-by-design.

“Insecurity-by-design is where an organisation keeps using old technology created in a different time, and is not secure enough for current ‘online’ world, that can only be identified and evaluated by experienced human analysts, meaning human skills are necessary in these cases.

“There are no exact stats for such threats, basically because they are trying to stay as stealthy as possible. Most cyberattacks are spotted only after the damage is done. However, there is a repository on GitHub tracking public reports focusing on APT cases.

“The conclusion is often only possible after a thorough investigation of the malicious code and affected infrastructure. Machine learning can be a helpful tool to identify the anomalies, but it may not be necessarily able to label the activity as malicious.

“We can only assume, that the number of APTs will increase in the coming months as there is a growing amount of data and information that can be stolen, misused and monetised - which increases the motivation of black-hat attackers.

“Organisations should review settings and solutions implemented in their systems, removing any non-essential services and apps – thus limiting the attack surface.

“Replace old hardware and software, mostly old Operating Systems that are unsupported, and use reliable security suites corresponding with the size and complexity of the organisation.

“Companies also need to evaluate their digital properties to know where their ‘crown jewels’ are and what level of protection they have.”

Does your company have a policy to combat APTs? Let us know on Twitter @ESETUK.

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.