APT, which is often rendered in Russian as "targeted attack", has become a popular topic in information security coverage. The Stuxnet virus has been called an APT, as have the attacks on RSA and Sony and the attack on Gmail code-named "Aurora". In the latter case, however, APT is sometimes expanded as Asia Pacific Threat. Clearly each company means something of its own by APT, so it is worth looking at what each one puts into the term. Let us try to classify the definitions of targeted attack that different companies use.
I propose the following qualifying signs of an APT:
Industry focus. Some antivirus companies use APT to mean virus attacks against a specific industry. An example is Stuxnet, aimed at the nuclear industry. Such malicious code is in fact still distributed en masse, either through spam mailings targeted at the industry or from a themed site, but its further spread is strictly controlled. Some companies call such attacks APT.
Code complexity. In some cases, a targeted attack is understood to mean complex code that easily passes through the defenses a specific company has in place. Such attacks are, as a rule, genuinely targeted: the code is developed to order to penetrate the corporate network of a particular company, after first studying, for example by competitive intelligence methods, the IT tools and associated protective mechanisms the company uses. The attacks on RSA and Sony could well have been of this kind.
Stealth. In some cases, an attack is considered targeted when it gains a foothold in the information system and the hackers monitor the malicious code implanted during the attack for a long time. Such hidden attacks can steal a lot of valuable data, although they are much harder to organize. The hackers have to keep changing the code so that it cannot be detected, use covert channels to communicate with the deployed agents, and leave many Trojans in the compromised system that let them regain control should the intrusion be discovered. An example of such an attack is the one on the Target chain of stores, where the attackers managed to go unnoticed for quite a long time, which made it possible to steal a significant amount of data.
These signs are the most common and, most importantly, to a certain extent they make it possible to build protection against APT. That is why they are used by the marketing departments of security product vendors, for whom APT is a way of frightening customers before selling them products. At the same time, targeted attacks may well have further qualifying signs that are less practical from a marketing point of view but nonetheless characterize them.