Many organizations would have come across data security breaches resulting in financial losses and disruptions of their services. Though lots of preventive and detective techniques exist, recent large-scale security breaches have occurred because of Advanced Persistent Threats (APT).
APTs differ from other attacks in that they can adapt to any environment and overcome the existing protection mechanisms. They maintain their connectivity with the host system until their objectives are reached.
An APT can be carried out through social engineering techniques such as spear phishing, where the attacker gains sensitive information through e-mail spoofing. The sender name can resemble any reputed organization (a bank, a payment gateway). Once the user clicks the link or downloads a document, there is a chance of downloading malware.
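A defender-side check for the spoofed sender name described above, as an added example that is not part of the original article: it flags messages whose display name claims a known brand while the address domain is not one that brand sends from, and messages whose Reply-To points to a different domain. The brand names, domains and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand names mapped to the domains they really send from (constructed).
TRUSTED_BRANDS = {
    "example bank": {"examplebank.example"},
    "example pay": {"examplepay.example"},
}

# Constructed sample messages, not taken from any real incident.
SPOOFED = ("From: Example Bank <alerts@examplebank-secure.example>\n"
           "Subject: Verify your account\n\nPlease review the attached document.")
LEGIT = ("From: Example Bank <alerts@mail.examplebank.example>\n"
         "Subject: Monthly statement\n\nYour statement is ready.")
REPLY_TRAP = ("From: Example Pay Support <support@examplepay.example>\n"
              "Reply-To: helpdesk@mailbox.example\n"
              "Subject: Refund pending\n\nReply with your details.")


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _is_allowed(domain, allowed):
    """True for an allowed domain or any subdomain of it."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(raw_message):
    """Return a list of findings for one raw e-mail message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    name = " ".join(display.lower().split())  # normalise case and spacing
    findings = []
    for brand, domains in TRUSTED_BRANDS.items():
        if brand in name and not _is_allowed(from_domain, domains):
            findings.append(
                f"display name claims '{brand}' but From domain is '{from_domain}'")
    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(
            f"Reply-To domain '{reply_domain}' differs from From domain '{from_domain}'")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("reply", REPLY_TRAP)):
        print(label, check_sender(raw))
```

A header check like this complements SPF, DKIM and DMARC validation at the mail gateway; it does not replace them.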
Attackers generally use multiple phases to attack a host, avoid detection and steal information over a long period of time.
Phase 1: Research/Reconnaissance phase: The attacker obtains information through extensive research to understand the victim.
Phase 2: Incursion phase or Invasion phase: The attacker makes an incursion into the host through a social engineering technique (e-mail spoofing).
Phase 3: Discovery phase: The attacker uses a low-and-slow strategy to avoid detection, then learns about the target organization and acts to destroy its technological activities.
Phase 4: Capture: Once the attacker captures the target system, they can gain access to unprotected systems to obtain data secretly.
Phase 5: Exfiltration:
Major APT attacks and losses
Russia, USA, Germany, China, Ukraine and several other countries sustained severe losses due to Advanced Persistent Threats.
Some of the myths about APT are:
1) Hackers target only large organizations and nations
Data that is confidential to an organization is equally important to its competitors, so an APT can take place even if the organization is small.
2) Traditional protections such as antivirus and firewalls are not more effective against APT.
Authored by Rathna Kumar