Updated date:

How Cybercriminals Are Raising the Bar With Apt-Style Attacks

Security Analyst || Cloud Tech || Enterprise Secuity Advocate

Introduction

Cybercriminals are becoming increasingly sophisticated in their approach to infiltrating existing security measures. One of the more recent threats that have come to light in recent years involves Advanced Persistent Threats- style attacks or APTs.

APTs are significantly more dangerous than most threats as they can be extremely inconspicuous. APT-style attacks generally take place over a long period after a hacker gains access to an enterprise's network and lies dormant after doing so. However, just before this period of dormancy, the bad actor is actively collecting data that is being shared through this particular network.

For this reason, APT-style attacks are more common among government and public organizations. One of the most famous ones was the Titan-Rain in 2003, allegedly by the Chinese People's Liberation Arif. Bad actors used APT attacks to infiltrate the networks belonging to government organizations like NASA and the FBI.

Network security

enterprise network

enterprise network

Breaking Down an APT-Style Attack

Understanding how an APT-style attack is extremely crucial when it comes to creating a strategy to beat it. A typical APT attack occurs in the following manner:

  • Obtaining access

The first step in an APT attack involves gaining access to the target's network currently. They infiltrate the network through the usual entry strategies like phishing emails or finding gaps in the security of an application.

If the malware is successfully inserted into a network, the hacker will gain visibility into the information going in and out of the network. At this point in time, the attack is in the "compromisation stage.”

During this stage, the hacker will look to create footholds within the network. They can do so through remote file inclusion, SQL injection, and even cross-site scripting.

  • Establishing pathways

The next step is to gain as much visibility into the information traveling through the network as possible. They do so by creating several entry points or "tunnels" that will allow them to travel through the network while also being concealed. Another benefit of creating entry points is that the attack can still take place even after an entry point is closed.

  • Increasing access

The bad actor will now look to steal administrator rights so as to create a more reliable network access point. If they are successful, then the hackers can easily traverse the network. Gaining admin rights will also mean that the attackers can also infiltrate the other servers on the network. Therefore, the hackers are increasing the size of the access networks.

  • Encryption

At this juncture, malware inserted into the network will collect and exfiltrate data from the network. However, before exfiltration, they encrypt the data and compress it to make the next steps easier. This activity is carried out primarily under the control of the hacker. If the attack reaches this stage, the network and security measures protecting it are said to be breached instead of compromised.

  • Dormancy

The hackers can go undetected for extremely long periods in comparison to other cyberattacks. They lie dormant in the network and can continue ex-filtering information from it whenever required.

What Makes APT Attacks So Dangerous?

To answer this question, you need to first understand the various aspects of an APT attack, which includes:

  • Customization

APT attacks are specifically designed keeping in mind a particular target. Therefore, the hackers have prior knowledge of certain vulnerabilities that may be present within the network.

  • Infiltration of the entire network

Another aspect that differentiates an APT attack from a typical cyber-attack is that it targets the entire network as a whole. Other cyberattacks may simply restrict themselves to one particular region of the network and refrain from taking over the entirety of the network.

  • Long duration

As mentioned before, APT attacks are prolonged attacks meaning that intruders are free to collect information any time they need to. Therefore, there is a sizable amount of information that they are receiving over a certain period.

  • Multiple entry points

The fact that there are so many back doors and tunnels in the structure of an APT attack means that it is much more complex than other forms of cyberattacks. In addition, restricting the growth of the malware through a network also becomes increasingly difficult given the fact that a security team will have to block all the possible entry points.

Network attack prevention technique

Network attack prevention technique

Network attack prevention technique

Bottomline

Given the complexity of the attack, one may wonder if there is a chance that one can stop it. National organizations tend to implement security measures like traffic monitoring, which can help detect and eradicate backdoors within the network.

In addition to this, companies may also choose to carry out application and document safe listing and access control to ensure that no unknown party can compromise a domain. Since security measures need to be improved drastically, APT-style attacks indicate that it is increasing the need for cybersecurity.

This content reflects the personal opinions of the author. It is accurate and true to the best of the author’s knowledge and should not be substituted for impartial fact or advice in legal, political, or personal matters.

© 2021 Louis Cooper

Related Articles