Advanced Persistent Threat (APT) is the term for a sophisticated, long-running and targeted cyber attack. The attackers have deep technical expertise and use elaborate methods and tools; they are typically well organized or state-sponsored. Targets of an APT are usually large enterprises, government agencies, or critical infrastructure operators. The goal of the attack is to obtain sensitive, valuable, or secret information, or to disrupt and sabotage the target.
What is an APT (Advanced Persistent Threat)?
APT is the acronym for Advanced Persistent Threat, literally an advanced, persistent threat. It is a special form of cyber threat that specifically targets the networks, systems, or data of companies, organizations, or government institutions. Typical targets are large corporations, government agencies, or critical infrastructure. The attackers are well organized, have deep technical expertise, and use elaborate methods and tools.
The attacks are often prepared over long periods of time. In many cases, Advanced Persistent Threats are carried out by state-controlled attackers. They focus on sensitive, valuable, or secret information; disrupting or sabotaging companies, organizations, processes, or infrastructures can also be the goal of an Advanced Persistent Threat. The attackers attempt to remain undetected and capable of action for as long as possible. Because of the advanced and sophisticated attack methods, protective measures against this type of attack are costly.
Differences from classic cyber attacks
Classic cyber attacks, such as mass malware campaigns or botnets, differ from Advanced Persistent Threats in that they address a much broader set of victims. An APT, by contrast, uses sophisticated, complex methods and tools against specific victims; in some cases the attackers develop specialized software for a single campaign.
Such attacks must be prepared well in advance and involve considerable effort, whereas classic cyber attacks are carried out en masse with tools and programs that are usually not tailored to individual victims.
Typical targets of an Advanced Persistent Threat
Typical targets of an Advanced Persistent Threat are companies, organizations, or government institutions where particularly sensitive or valuable information can be found. These include large corporations, financial sector organizations, government ministries, manufacturing companies, consulting firms, critical infrastructure operators, or research or development institutions.
In some cases, attacks are initially directed at smaller companies. These serve as an entry point for the attackers and a stepping stone to the actual target. Data targeted by the attackers includes:
- Personal data
- Trade secrets
- Access data
- Cryptographic keys
- Manufacturing processes
- Infrastructure data
- Communication data and content
Process of an Advanced Persistent Threat
An Advanced Persistent Threat unfolds in several stages. After extensive preparation, attackers attempt to gain initial access to a system, for example through undiscovered or unpatched vulnerabilities, software flaws, credentials obtained via phishing, or malware. Once access has been obtained, the attackers attach great importance to remaining undetected for as long as possible.
They establish footholds from which they move laterally within the systems. The access points are expanded and consolidated unnoticed until the attackers can move almost freely within the target environment. Systems are scouted and the desired information is extracted. Once the objective has been reached, the attackers withdraw. Backdoors they have installed allow them to return at any time as long as the intrusion has not been noticed.
Protective measures against an Advanced Persistent Threat
Because of the advanced and sophisticated attack methods, protective measures against this type of attack are costly. Basic requirements for protection are the use of securely configured systems, the timely patching of vulnerabilities, and advanced, multi-layered security solutions.
Defending against or detecting an APT can only succeed if security information is collected from many different sources and continuously sifted and analyzed. The German Federal Office for Information Security (BSI) provides recommendations for protective measures against Advanced Persistent Threats.
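The following is an added example, not code from the original article or from the BSI, illustrating why the lateral-movement stage described above only becomes visible when information from several sources is correlated. Two constructed log sources are used: host logon events and egress proxy records. Viewed per host, each record looks routine; only the per-user view across hosts reveals an account quietly spreading through the environment, and only the join with the proxy log shows that one of those hosts then pushed a large volume of data externally. The log lines, field layout, host names, account name, thresholds and window are all hypothetical.

```python
"""Cross-source correlation sketch for APT-style lateral movement and exfiltration.

Hypothetical illustration: the two log sources below are constructed for this
example, as are all host names, the account name and the thresholds. The point
is the join between sources, not the specific numbers.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed logon records: timestamp, user, destination host, outcome.
LOGON_LOG = """\
2024-03-04T08:02:11Z,svc-backup,fs01,success
2024-03-04T09:40:05Z,jdoe,ws-jdoe,success
2024-03-04T11:15:42Z,svc-backup,fs02,success
2024-03-04T14:03:19Z,svc-backup,db01,success
2024-03-04T17:58:01Z,svc-backup,hr-app01,success
2024-03-04T22:21:37Z,svc-backup,jump01,success
2024-03-05T01:12:09Z,svc-backup,build01,success
2024-03-05T01:13:40Z,svc-backup,dc01,failure
"""

# Constructed egress proxy records: timestamp, source host, destination, bytes out.
EGRESS_LOG = """\
2024-03-04T10:00:00Z,ws-jdoe,cdn.example.net,48213
2024-03-05T02:05:30Z,build01,files.example.org,734003200
2024-03-05T02:06:10Z,ws-jdoe,cdn.example.net,51000
"""


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_csv(text):
    return [line.split(",") for line in text.strip().splitlines()]


def lateral_movement(logon_text, window=timedelta(hours=24), min_hosts=4):
    """Return {user: sorted hosts} for users with successful logons to at
    least `min_hosts` distinct hosts inside any span of length `window`.
    Failed logons are ignored; a single success per host is unremarkable on
    its own, which is why this must be evaluated per user across hosts."""
    per_user = defaultdict(list)
    for ts, user, host, outcome in parse_csv(logon_text):
        if outcome == "success":
            per_user[user].append((parse_ts(ts), host))
    flagged = {}
    for user, events in per_user.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[user] = sorted(hosts)
                break
    return flagged


def large_egress(egress_text, min_bytes=100_000_000):
    """Return {host: (destination, bytes)} for hosts whose single outbound
    transfer reached at least `min_bytes` (hypothetical threshold)."""
    out = {}
    for _ts, host, dest, nbytes in parse_csv(egress_text):
        if int(nbytes) >= min_bytes:
            out[host] = (dest, int(nbytes))
    return out


def correlate(logon_text, egress_text):
    """Join the two detectors: an account that spread across hosts AND one of
    those hosts later pushing a large volume externally. Returns alert dicts."""
    moves = lateral_movement(logon_text)
    egress = large_egress(egress_text)
    alerts = []
    for user, hosts in moves.items():
        for host in hosts:
            if host in egress:
                dest, nbytes = egress[host]
                alerts.append({"user": user, "hosts": hosts,
                               "exfil_host": host, "dest": dest, "bytes": nbytes})
    return alerts


if __name__ == "__main__":
    for alert in correlate(LOGON_LOG, EGRESS_LOG):
        print(alert)
```

Each detector on its own produces noise (a service account legitimately touches several hosts; a build server legitimately uploads artifacts); the combined alert is what narrows attention to the hosts worth investigating. In practice the window, host count and byte threshold are tuned to the environment, and further sources (VPN, DNS, EDR) are joined in the same way.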