
APTs - Advanced Persistent Threat


JSR:

It seems that of the three words which make up this concept, it's the "persistent" part which is most important. And in terms of "advanced", it must be advanced if the hacker is able to break through network security without being noticed.

The idea is that once the hacker breaks through, they will not be wreaking havoc; rather, they will be stealing/gathering information. If they were to wreak even a little havoc, that would "blow their cover" and "set off the alarm bells".


Elsa:

APTs: an unauthorized person gains access to a network and stays there, undetected, for a long time, in order to steal data (usually not so much to damage the other computer/network). The goal is not to get in and out quickly, but to stay in the network and continuously steal data.
Advanced, persistent, often targeted, evasive

10) How are APTs (Advanced Persistent Threats) more of a style than a specific method?
APTs refer to a set of hacking processes/phases, rather than one specific type. APTs have things in common: they usually target specific organizations or nations.
APTs are advanced, persistent, and threatening.
Set of processes used for common goal.

Advanced: sophisticated technology/techniques used with malicious intent towards the target.
Persistent: long-term command from attacker
Threat: involves active human action
APT doesn't generally apply to individuals (as they alone aren't advanced or persistent enough)

APT characteristics (copied from Wikipedia):
• Objectives — The end goal of the threat, your adversary
• Timeliness — The time spent probing and accessing your system
• Resources — The level of knowledge and tools used in the event (skills and methods will weigh on this point)
• Risk tolerance — The extent the threat will go to remain undetected
• Skills and methods — The tools and techniques used throughout the event
• Actions — The precise actions of a threat or numerous threats
• Attack origination points — The number of points where the event originated
• Numbers involved in the attack — How many internal and external systems were involved in the event, and how many people's systems have different influence/importance weights
• Knowledge source — The ability to discern any information regarding any of the specific threats through on-line information gathering (you might be surprised by what you can find by being a little proactive)

11) What are some other weapons used in APTs?
Social engineering is the process of psychologically manipulating people into doing something or revealing information, and this process is used in APTs when targeting individuals in order for the APT to be successful.

Phases of APT attacks (As reported by Michael Cobb, Infosec Institute)
Phase 1: Reconnaissance [often uses phishing to find the "weakest link" in order to introduce the malware into the system, i.e. finding an individual involved in the targeted organization that may trust the fake message and allow the APT]
Phase 2: Spear phishing attacks [explained below]
Phase 3: Establish Presence [staying undetected while mapping out the network and deploying attack tools]
Phase 4: Exploration and Pivoting ["Pivoting is a process where the criminal compromises one system and uses that system to explore other networks on the same network – eventually infecting them and bypassing all perimeter security"]
Phase 5: Data Extraction [data is extracted onto the attacker's server using techniques such as encryption and steganography]
Phase 6: Maintaining Persistence [attack continues over a long period of time to continue to get information from the target]

12) How can you use social engineering to target organizations in an APT?
Spear phishing: after finding a target, spear phishing is used. It is targeted at the specific individual (usually an individual) to make it as likely as possible for them to fall for it. Individuals are often higher-ups in organizations as they hold the most confidential data. Messages are sent and look like they're from a trusted source, and the content of the message seems to support this, so that the recipient of the message is more likely to trust the message and e.g. click the link in it.

http://resources.infosecinstitute.com/advanced-persistent-threats-attack-and-defense/


GeunHo:

10. How are APTs (Advanced Persistent Threats) more of a style than a specific method?

-APT is a set of stealthy and continuous hacking processes, which are defined by humans targeting a specific entity. Due to this nature, APTs are more of a style, because any process targeting a specific entity which meets the three parts Advanced, Persistent, and Threat will be an APT.
The three parts of APT can be defined as follows:
Advanced: The advanced process signifies sophisticated techniques using malware to exploit vulnerabilities in systems.
Persistent: The persistent process suggests that an external command and control is continuously monitoring and extracting data off a specific target.
Threat: The threat process indicates human involvement in orchestrating the attack.


11. What are some other weapons used in APTs?
I don't exactly know what is meant by "weapons" IN APTs, as I cannot find anything that's IN APTs, other than their characteristics. Hence this follows:

In terms of APT characteristics,

Objectives — The end goal of the threat, your adversary
Timeliness — The time spent probing and accessing your system
Resources — The level of knowledge and tools used in the event (skills and methods will weigh on this point)
Risk tolerance — The extent the threat will go to remain undetected
Skills and methods — The tools and techniques used throughout the event
Actions — The precise actions of a threat or numerous threats
Attack origination points — The number of points where the event originated
Numbers involved in the attack — How many internal and external systems were involved in the event, and how many people's systems have different influence/importance weights
Knowledge source — The ability to discern any information regarding any of the specific threats through on-line information gathering (you might be surprised by what you can find by being a little proactive)