
APTs concept

APTs differ from other targeted attacks in the following ways:

Customized attacks: Advanced Persistent Threats (APTs) frequently use highly customized methods, tools and access techniques, developed specifically for a particular purpose or campaign. The toolset can include custom malware, zero-day exploits, rootkits and worms.
In addition, APTs often launch a series of intrusions, or "kill chains", continuously against their targets to ensure continuing access to the compromised systems, sometimes including a "sacrificial" intrusion meant to trick the target into thinking the attack has been successfully repelled. The Cyber Kill Chain model describes the stages of such an intrusion; its objective is to enhance visibility into an attack and enrich an analyst's understanding of an adversary's tactics, techniques and procedures (TTPs). The Cyber Kill Chain framework is part of Lockheed Martin's Intelligence Driven Defense model for identifying and disrupting intrusions.
Low and slow: APT attacks unfold over a long period during which the attacker moves slowly and covertly to avoid detection, the opposite of the fast, noisy tactics of many opportunistic attacks by typical hackers or cyber-criminals. The main objective is to stay undetected: the intruder keeps a low profile, monitors continuously and interacts with the environment as little as possible until the defined objectives are fulfilled.
Higher aspirations: APTs are designed to serve international espionage or sabotage, usually involving covert state actors. Objectives may include breaching military secrets, advancing a political agenda, gathering economic intelligence, stealing confidential data or trade secrets, disrupting the operations of an important department, or even destroying equipment. Groups behind APTs are well funded and staffed, and may operate with the support of military or state intelligence services.
Specific targets: While any large organization possessing intellectual property or valuable customer information is susceptible to targeted attacks, APTs are aimed at a much smaller range of targets. Most reported APT attacks have been launched at government agencies, defence contractors and manufacturers of products that are highly competitive and in demand on global markets. But government-related manufacturers and organizations are not the only targets: ordinary companies with valuable or advanced technology or intellectual property are now targeted by nation states, and APTs may also attack the vendors or partner organizations of their targets as a stepping stone into the intended victim.
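The "low and slow" behaviour described above has a practical detection angle: a long-lived implant that checks in on a fixed schedule with tiny payloads is regular in a way that human browsing is not. The following is an added example, not code from the original post, that flags such beaconing in constructed proxy log lines. The log format (epoch, source IP, destination host, bytes sent), the hostnames and the thresholds are all assumptions chosen for illustration; real deployments tune them against their own baseline.

```python
"""Flag low-and-slow beaconing in proxy logs.

Added example, not part of the original post. The log format, hostnames and
thresholds below are assumptions: each line is
"<epoch_seconds> <src_ip> <dst_host> <bytes_out>".
"""
import statistics
from collections import defaultdict

# Constructed sample: one host contacts a suspect domain roughly every hour
# with ~300-byte requests, while its ordinary browsing is bursty and large.
SAMPLE_LOG = """\
1700000000 10.0.0.5 updates.example-cdn.net 312
1700003601 10.0.0.5 updates.example-cdn.net 298
1700007198 10.0.0.5 updates.example-cdn.net 305
1700010802 10.0.0.5 updates.example-cdn.net 310
1700014399 10.0.0.5 updates.example-cdn.net 301
1700018003 10.0.0.5 updates.example-cdn.net 299
1700000010 10.0.0.5 www.example.com 15234
1700000012 10.0.0.5 www.example.com 84211
1700000015 10.0.0.5 www.example.com 2311
1700000300 10.0.0.5 www.example.com 44812
1700009000 10.0.0.5 www.example.com 9931
1700009010 10.0.0.5 www.example.com 120133
"""


def parse_log(text):
    """Group (timestamp, bytes) events by (src_ip, dst_host); skip bad lines."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, nbytes = parts
        sessions[(src, dst)].append((int(ts), int(nbytes)))
    return sessions


def beacon_score(events):
    """Return (interval_cv, median_bytes, mean_gap) for one (src, dst) pair.

    interval_cv is the coefficient of variation of the gaps between
    consecutive connections: close to 0 means clockwork-regular
    (beacon-like); large means bursty, human-driven traffic. None is
    returned when there are too few events to measure regularity.
    """
    events = sorted(events)
    gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
    if len(gaps) < 2:
        return None
    mean_gap = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean_gap if mean_gap else float("inf")
    return cv, statistics.median(e[1] for e in events), mean_gap


def find_beacons(text, min_events=5, max_cv=0.05, max_bytes=2048):
    """Flag pairs with enough events, very regular timing and small payloads.

    Returns a list of (src_ip, dst_host, mean_gap_seconds, interval_cv).
    """
    hits = []
    for (src, dst), events in parse_log(text).items():
        if len(events) < min_events:
            continue
        score = beacon_score(events)
        if score is None:
            continue
        cv, med_bytes, mean_gap = score
        if cv <= max_cv and med_bytes <= max_bytes:
            hits.append((src, dst, round(mean_gap), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("possible beacon:", hit)
```

The regularity check is deliberately simple; real implants add jitter to their sleep interval, so a production detector would widen max_cv, bucket intervals into a histogram, or look at the distribution of payload sizes over days rather than hours.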
