What Is an Advanced Persistent Threat?

Advanced Persistent Threat (APT), also translated as "advanced long-term threat", refers to a covert and persistent computer intrusion process, usually carefully planned by specific actors and aimed at specific targets. It is usually commercially or politically motivated, directed at a particular organization or country, and requires a high degree of concealment over a long period of time. An advanced persistent threat consists of three elements: advanced, persistent, and threat. "Advanced" emphasizes the use of sophisticated malware and techniques to exploit vulnerabilities in the target's systems. "Persistent" implies that an external actor continuously monitors the target and extracts data from it. "Threat" refers to a human-directed attack.

In 2005, computer emergency response organizations in the United Kingdom and the United States issued reports warning that certain targeted phishing emails could deliver Trojans and leak sensitive information, but the term "APT" had not yet been used. The term "advanced persistent threat" is widely believed to have been coined by the US Air Force in 2006, and Colonel Greg Rattray is generally credited as its inventor.
Research by Bodmer, Kilger, Carpenter, and Jones defines the APT criteria as follows:
  • Objective: the ultimate goal of the threat, i.e. what the adversary is after
  • Timeliness: the time spent investigating and compromising the target
  • Resources: the knowledge and tools involved (these also shape the skills and methods used)
  • Risk tolerance: the extent to which the threat is willing to go to remain undetected
  • Skills and methods: the tools and techniques used
  • Actions: the specific actions taken by the threat
  • Attack origination points: the number of points from which the attack originates
  • Numbers involved: how many internal or external systems are involved, and how many people's systems carry different levels of importance [2]
Those behind an APT pose a constant threat to the financial assets, intellectual property and reputation of the target organization. The process is as follows:
  1. Begin by targeting a specific organization for a particular goal
  2. Attempt to intrude into its environment (such as sending
There are tens of millions of malware variants, so protecting an organization from APT attacks is extremely difficult. Although APT activity is highly covert, the command-and-control network traffic associated with an APT is easily detected at the network layer. In-depth log analysis and correlation helps detect APT activity. Although it is difficult to separate anomalous traffic from normal traffic, this work can be done with the help of comprehensive log analysis tools, so that security analysts can investigate the anomalies. [2]
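As an added example that is not part of the original article, the following Python script illustrates the kind of log analysis the paragraph describes: it reads outbound connection records and looks for the regular "beaconing" pattern that command-and-control traffic often shows, namely a host contacting the same destination at near-constant intervals. The log format, hostnames, timestamps and thresholds are all constructed for the example and are assumptions, not data from any real environment.

```python
"""Detect beacon-like outbound connections in proxy/firewall logs.

Constructed example: the log format (ISO timestamp, source host,
destination host, bytes sent) and all values below are made up.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines. One workstation (ws-17) contacts
# updates.example-cdn.test every ~300 seconds with near-identical sizes,
# mixed in with ordinary, irregular browsing and mail traffic.
SAMPLE_LOG = """\
2024-03-01T09:00:00 ws-17 updates.example-cdn.test 1843
2024-03-01T09:00:04 ws-17 intranet.corp.test 7712
2024-03-01T09:05:00 ws-17 updates.example-cdn.test 1841
2024-03-01T09:07:31 ws-17 mail.corp.test 30211
2024-03-01T09:10:01 ws-17 updates.example-cdn.test 1839
2024-03-01T09:12:18 ws-17 intranet.corp.test 5120
2024-03-01T09:15:00 ws-17 updates.example-cdn.test 1845
2024-03-01T09:19:47 ws-17 mail.corp.test 2200
2024-03-01T09:20:00 ws-17 updates.example-cdn.test 1840
2024-03-01T09:25:01 ws-17 updates.example-cdn.test 1842
2024-03-01T09:03:12 ws-22 intranet.corp.test 4096
2024-03-01T09:11:40 ws-22 intranet.corp.test 9000
2024-03-01T09:30:05 ws-22 mail.corp.test 120
"""


def parse_log(text):
    """Parse log text into (timestamp, src, dst, bytes) tuples, sorted by time."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, size = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(size)))
    records.sort(key=lambda r: r[0])
    return records


def find_beacons(records, min_count=4, max_cv=0.2):
    """Return (src, dst) pairs whose connection intervals are suspiciously regular.

    For each source/destination pair with at least `min_count` connections,
    compute the inter-arrival times and their coefficient of variation
    (stdev / mean). Human-driven traffic is bursty (high CV); automated
    check-ins cluster around a fixed period (low CV). The thresholds are
    assumed starting points to be tuned against real traffic.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _size in records:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_count:
            continue
        intervals = [
            (later - earlier).total_seconds()
            for earlier, later in zip(times, times[1:])
        ]
        mean = statistics.mean(intervals)
        if mean == 0:  # all hits in the same second: not a periodic beacon
            continue
        cv = statistics.pstdev(intervals) / mean
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "count": len(times),
                "mean_interval_s": mean,
                "cv": cv,
            })
    # Most regular pairs first, for analyst triage
    findings.sort(key=lambda f: f["cv"])
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} connections, "
              f"period ~{hit['mean_interval_s']:.0f}s, CV={hit['cv']:.4f}")
```

In practice this check is one signal among several: a regular period to a rarely seen or newly registered destination, uniform request sizes, and activity outside working hours together give an analyst a reason to investigate, which is the "separate anomalous traffic from normal traffic" step the article refers to. Running the script on the constructed sample flags only the ws-17 to updates.example-cdn.test pair.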
