Anatomy of an Advanced Persistent Threat

By Tarik Saleh, Senior Security Engineer at DomainTools


Advanced Persistent Threats are long-term patterns of network exploitation that go undetected for extended periods of time and are usually aimed at high-profile targets such as governments, higher education institutions, political activists, and companies. They are often motivated by economic, political, and financial reasons, and the attacks tend to be highly targeted, resourceful, and risk-tolerant.


The typical APT involves several phases:  


Infiltration/Initial compromise: 

This is when a malicious actor gains access to the network. The most common way in which criminal groups gain a foothold is through spearphishing or other forms of highly targeted, socially engineered attacks. These are preceded by a reconnaissance phase, when attackers collect information about the organisation they intend to breach, such as network hierarchy, operating systems and other relevant information that will allow them to remain undetected.


Lateral Movement in the network:

In this phase, hackers consolidate their presence on the network and open a communication channel between the compromised system and the command and control server. This usually requires stealing credentials, where threat actors use Man-in-the-Middle techniques or keyloggers to obtain access to specific areas of the network.


With the stolen credentials, attackers can further expand to control desktops, or even obtain domain credentials to log in to systems, servers and switches.


Exfiltration of relevant information:  

At this stage, attackers have likely gained access to the type of data they’re trying to steal (credit cards, PII, etc.) and they can start moving that data out of the network with the goal of not being detected.


Covering their tracks: 

It’s in the a ..
