How to Defend Against an Advanced Persistent Threat


by Richard Henderson



Since the dawn of the computer age, people have used advanced software in a persistent manner to
target specific companies or individuals in an attack designed to either damage or steal data. What
makes today’s APTs unique and frightening is the sophistication of the malware, the vectors attackers are
choosing for attack and the perseverance with which they go after their targets.

In the following story, we’re going to examine the stages of an APT attack and how to best protect
against them.

The Stages of an Attack

There are many steps that must be taken in order for an Advanced Persistent Threat to be successful.

Target Selection: The attacker first determines whom they wish to infiltrate and what they wish to steal.
Is the attacker after confidential financial data? Source code? Technical drawings? All of these help
determine a specific target.


Investigation and Research: Once a target has been selected, the attacker does extensive background
research on his target. By combing through search engines, employee social network activity, public
email and phone directories and other sources of easily obtained data, the attacker can build a profile as
well as a detailed list of other potential human targets inside an organization.

Initial Entry: After a target has been acquired, the attacker typically creates a customized phishing email
in the hope that their target will open an attachment that contains an exploit that allows the attacker to
plant remote access malware on the target’s computer.


Privilege Escalation: Once the attacker has gained a foothold inside a target’s network, an attempt is
made to exploit vulnerabilities on other internal computers to gain further access on the network. Once
access has been gained, the attacker can then move deeper into the target’s network.


Lateral Movement: If the attacker was successful in gaining further access inside the network, they can
then expand their control to other machines on the network and compromise other computers and
servers, allowing them to access data throughout the network.


Data Exfiltration: Once network access has been achieved, data can be easily stolen. Passwords, files,
databases, email accounts and other potentially valuable data can all be sent back to the attacker.

Maintenance: Even after the requisite data has been stolen, an attacker may decide to remain present
on the target’s network. This requires vigilance on the attacker’s part in order to evade detection and
maintain surveillance on the target’s data assets to ensure further data can be stolen.
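To show how a defender can put the stage model above to work, here is an added example (not from the article or the magazine) that maps constructed host events onto these stages and flags hosts that appear to be progressing through the chain rather than generating a single isolated alert; the event names, the sample events and the three-stage threshold are assumptions.

```python
"""Correlate per-host events against the APT stages described above.
Event type names, sample events and thresholds are constructed assumptions."""
from collections import defaultdict

# Assumed event types from endpoint/network telemetry, mapped to the article's stages.
STAGE_OF_EVENT = {
    "phish_attachment_opened": "Initial Entry",
    "remote_access_tool_started": "Initial Entry",
    "local_admin_obtained": "Privilege Escalation",
    "remote_logon_to_new_host": "Lateral Movement",
    "large_outbound_transfer": "Data Exfiltration",
    "new_persistence_mechanism": "Maintenance",
}

# Stage order as the article presents it (post-compromise stages only).
STAGE_ORDER = ["Initial Entry", "Privilege Escalation", "Lateral Movement",
               "Data Exfiltration", "Maintenance"]

# Constructed sample telemetry: (host, event_type).
EVENTS = [
    ("ws-17", "phish_attachment_opened"),
    ("ws-17", "remote_access_tool_started"),
    ("ws-17", "local_admin_obtained"),
    ("ws-17", "remote_logon_to_new_host"),
    ("ws-17", "large_outbound_transfer"),
    ("ws-04", "phish_attachment_opened"),   # one alert, no follow-on activity
    ("srv-db1", "remote_logon_to_new_host"),
    ("srv-db1", "unknown_noise"),           # unmapped event, ignored
]

def stages_per_host(events):
    """Return {host: set of distinct stages observed}; unmapped events are skipped."""
    seen = defaultdict(set)
    for host, event_type in events:
        stage = STAGE_OF_EVENT.get(event_type)
        if stage:
            seen[host].add(stage)
    return seen

def deepest_stage(events, host):
    """Furthest stage reached on a host, or None if nothing mapped was seen."""
    stages = stages_per_host(events).get(host)
    if not stages:
        return None
    return max(stages, key=STAGE_ORDER.index)

def hosts_showing_progression(events, min_stages=3):
    """Hosts with at least min_stages distinct stages: multi-stage activity
    is the signal worth escalating, a lone phishing alert usually is not."""
    return sorted(h for h, s in stages_per_host(events).items() if len(s) >= min_stages)

if __name__ == "__main__":
    for host in hosts_showing_progression(EVENTS):
        print(host, "->", deepest_stage(EVENTS, host))
```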


98 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide