Targeted attacks and APTs

Modern cyber attacks are increasingly carried out through a set of cyber espionage processes known as Advanced Persistent Threats (APTs), which can run silently for a long period of time while collecting specific information from a victim’s computer or network.

Nowadays, attackers rarely try to penetrate a security perimeter in a straightforward manner by scanning for vulnerabilities and exploiting the ones they find, since that draws too much attention to the attack and it would be blocked in a matter of minutes.

Attackers prefer more sophisticated techniques based on social engineering, which let a spy program operate in a hidden way for an unlimited amount of time without attracting the victim’s attention, while harvesting sensitive information and sending it to a Command and Control (C&C) server.
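One defender-side consequence of the long-running, hidden C&C channel described above is that the implant usually polls its server at a fairly regular interval, and that regularity is visible in proxy or firewall logs. The following script is an added example, not code from the original article: it parses a constructed proxy log, measures how evenly spaced each source/destination pair's connections are, and flags pairs whose inter-connection interval barely varies. The log format, hostnames and thresholds are all assumptions made for the example.

```python
"""Beacon-interval analysis over constructed proxy log lines.

Added example (not from the original article).  Flags destinations that a
host contacts at a near-constant interval, the pattern a polling implant
produces when it checks in with its C&C server.  The log format, hostnames
and thresholds below are assumptions made for this example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log sample, one connection per line:
#   "<ISO timestamp> <source host> <destination host>"
# "updates.example-cdn.test" is contacted every ~10 minutes (suspiciously
# regular); "intranet.corp.test" is contacted at irregular, human-like times.
SAMPLE_LOG = """\
2024-03-01T09:00:00 ws-17 updates.example-cdn.test
2024-03-01T09:00:04 ws-17 intranet.corp.test
2024-03-01T09:10:00 ws-17 updates.example-cdn.test
2024-03-01T09:12:31 ws-17 intranet.corp.test
2024-03-01T09:20:01 ws-17 updates.example-cdn.test
2024-03-01T09:27:55 ws-17 intranet.corp.test
2024-03-01T09:30:00 ws-17 updates.example-cdn.test
2024-03-01T09:40:00 ws-17 updates.example-cdn.test
2024-03-01T09:41:10 ws-17 intranet.corp.test
2024-03-01T09:50:01 ws-17 updates.example-cdn.test
2024-03-01T09:58:42 ws-17 intranet.corp.test
2024-03-01T10:00:00 ws-17 updates.example-cdn.test
"""


def parse_log(text):
    """Return {(src, dest): [datetime, ...]} from the simple log format."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dest = line.split()
        series[(src, dest)].append(datetime.fromisoformat(ts))
    return series


def beacon_score(timestamps, min_hits=5):
    """Return (mean_interval_seconds, coefficient_of_variation) for a series.

    The coefficient of variation (stdev / mean of the gaps) is close to zero
    when connections are evenly spaced.  Returns None when there are too few
    connections to judge, so short-lived pairs are not scored at all.
    """
    if len(timestamps) < min_hits:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    if m == 0:  # all connections at the same instant: not a polling pattern
        return None
    return m, pstdev(gaps) / m


def find_beacons(text, max_cv=0.1, min_hits=5):
    """Return sorted (src, dest, mean_interval_s, cv) tuples flagged as periodic.

    max_cv is the assumed regularity threshold: a pair is flagged only when
    its gaps vary by less than 10% of the mean interval.
    """
    flagged = []
    for (src, dest), stamps in parse_log(text).items():
        score = beacon_score(stamps, min_hits)
        if score is None:
            continue
        m, cv = score
        if cv <= max_cv:
            flagged.append((src, dest, round(m, 1), round(cv, 3)))
    return sorted(flagged)


if __name__ == "__main__":
    for src, dest, interval, cv in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dest}: every {interval}s (cv={cv}) - candidate beacon")
```

On the constructed sample only the `updates.example-cdn.test` pair is flagged (a 600 second interval with a coefficient of variation near zero); the intranet pair has the same number of hits but irregular gaps, so it falls above the threshold. In practice a low coefficient of variation is a triage signal to combine with destination reputation and the process that opened the connection, since legitimate software updaters also poll on a timer.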

The most popular techniques used in targeted attacks are:

  • Spear-phishing emails
  • Watering hole attacks
  • Zero-day exploits

Before running a targeted attack, an attacker performs reconnaissance to understand what the targeted environment looks like.

The general APT model might look like:

  • Reconnaissance
  • Penetration using:
    • Spear-phishing
    • Watering hole
    • USB removable storage
  • Delivery of the APT kit
  • Lateral movement and escalation of privilege (EoP)
  • Data collection
  • Data exfiltration