Five Stages of an APT Attack

Unlike “common” virus and spam attacks, in which hackers send a large number of infected emails to hit random victims, an APT group deliberately seeks out a high-value target chosen to fit its objectives. The attackers proceed according to a classic pattern, which can be divided into five stages:
1. Exploring and researching

Once a target has been selected, the first phase of the attack is to gather as much information as possible about the company or organization. The attackers typically comb corporate websites, social media and other publicly available sources to find possible points of entry into the target’s systems.
2. Invasion of the system

Once the attacker has built up a picture of the target’s structure and knows which IP addresses, domains and systems are connected, and how, he can search for vulnerabilities in detail. To finally gain access to the target’s systems, the attackers use various methods: social engineering, such as CEO fraud and phishing, as well as ransomware, blended and targeted attacks are among the best known. Cyber security is not just about computer systems and networks: APT groups often exploit the “human factor” as a vulnerability, taking advantage of human traits such as helpfulness and trust. A recent survey conducted by the Federal Office for Information Security (BSI) found that one in six employees would respond to a fake email from the executive floor and disclose sensitive company information.
3. Spying out and spreading

As soon as the attackers have access to the system, they usually operate as carefully as possible so as not to attract attention. They identify the company’s security measures and deployed software so that further security holes can be exploited to extend their access across the network. Using keyloggers and the data they find, they try to obtain passwords and thus gain access to further data records and systems.
4. Execution of the attack

The perpetrators access the unprotected systems and begin to act according to their motivation and objectives for the attack. For example, sensitive company data can be collected over a long period and/or malware can be installed on the IT systems. Paralyzing systems, and with them the company’s operational procedures, is another option.
5. Filtering and analysis of the data

The collected data and information is sent to the APT group’s base for analysis. To retain access to the company’s infected systems at any time, and above all unnoticed, the attackers can install a kind of “back door”.
Detecting and preventing APTs

Given such individualized and manual procedures in particular, IT security should focus on targeted detection of, and immediate reaction to, possible attack attempts. With the daily flood of incoming and outgoing emails, manual monitoring of individual attachments, or of content indicating CEO fraud, for example, is not feasible.
- We Eat Spyware, Ransomware and Trojans for Breakfast – Check out our Breakfast Campaign for Advanced Threat Protection.
- Further information on cyber security can now be found in the Hornetsecurity Knowledge Base.
- Hornetsecurity Service to protect against Advanced Persistent Threats: Advanced Threat Protection