Targeted attacks and APTs

Many modern cyber attacks are carried out as Advanced Persistent Threats (APTs): cyber espionage campaigns that can run silently for a long period of time while collecting specific information from a victim's computer or network.

Nowadays, a targeted attacker rarely tries to penetrate the security perimeter head-on by scanning for and exploiting exposed vulnerabilities: such noisy activity draws attention to the attack and is typically blocked within minutes.

Attackers instead prefer more sophisticated techniques based on social engineering, which let a spy program operate covertly for as long as needed without drawing the victim's attention, while harvesting sensitive information and sending it to a Command and Control (C&C) server.

The most popular techniques used in targeted attacks are:

  • Spear-phishing emails

  • Watering hole attacks

  • Zero-day exploits

Before launching a targeted attack, the attacker performs reconnaissance to understand what the target environment looks like.

The general APT model looks like this:

  • Reconnaissance

  • Penetration using:

    • Spear-phishing

    • Watering hole

    • USB removable storage

  • Delivery of the APT kit

  • Lateral movement and escalation of privilege (EoP)

  • Data collection

  • Data exfiltration