Advanced persistent threat: definition
An advanced persistent threat (APT) uses malware to gain unauthorized access to a network. It remains undetected until launched to steal data, compromise the network, gather intelligence, or deploy additional malware.
Advanced persistent threat: examples
Advanced persistent threats date back to the 1980s. Three of the more notable examples of an advanced persistent threat include:
- GhostNet: Considered one of the most sophisticated advanced persistent threats, GhostNet was implanted via spear-phishing. It recorded both audio and video to monitor compromised computers, mainly targeting political and media sites in over 100 countries.
- Deep Panda: Its primary purpose is to steal government and defense files; like GhostNet, its motive is espionage.
- Helix Kitten: Believed to originate from Iran, it targets victims mostly in the Middle East and uses Microsoft Excel macros to implant malware.
- Silence: Unlike the previous advanced persistent threats where the bad actors are motivated primarily by politics and are state-sponsored or at least state-tolerated, the objective of Silence is to steal money. It targets banks to gain access to financial instruments and siphon funds.
How to detect an APT attack?
Advanced persistent threat malware is most often installed using phishing, spear-phishing, URL impersonation, and other tactics that target email users. To protect against an APT attack, an organization must deploy an email security solution to detect and isolate malware and other targeted email attacks.
Advanced persistent threat: raising the stakes for cyber security
Advanced persistent threats are attacks on an organization's network where an unauthorized individual gains access and remains in the network, undetected for a period of time. Because the objective of advanced persistent threats is to steal information rather than to cause damage, it may take days, weeks or months for organizations to realize that they have been hacked.
Perpetrators of advanced persistent threats often attack organizations that deal with high-value information – companies in manufacturing, national defense and the financial industry are frequent targets. Attackers often use malicious email attachments, spear-phishing and social engineering to breach an organization's defenses.
When successful, advanced persistent threats can be quite costly, dominating the headlines in the nightly news. But stopping these threats is not difficult – when you have the right tools.
Protect your organization from advanced persistent threat
Among the various types of IT security threats, advanced persistent threats remain one of the most dangerous. These targeted attacks use malware to gain unauthorized access to a network and to remain inside the network undetected for as long as possible. An advanced persistent threat may be launched in order to steal data, compromise systems, gather intelligence or deploy more malware.
The damage caused by advanced persistent threats can be devastating, but advanced persistent threat detection technology can help to prevent unauthorized access and quickly shut down threats. Defending against advanced persistent threats requires a multi-layered approach to email security, as attackers will use a wide variety of tactics to find a point of vulnerability.
Because so many of these advanced attacks start with email, organizations worldwide are turning to email security services from Mimecast.
Stopping advanced persistent threat with Mimecast
Mimecast provides best-of-breed security services to stop advanced persistent threats as well as insider threat attacks, impersonation fraud, ransomware and other sophisticated forms of cyber crime.
Mimecast's cloud-based services help to reduce the cost and complexity of keeping email safe for business. Comprehensive, multi-layered detection engines and sophisticated threat intelligence not only provide advanced threat protection but help to stop viruses, malware, spam and other attacks from reaching your email system. Mimecast's data leak prevention services can power an insider threat program, and secure messaging tools provide an easy solution for email encryption.
Multiple solutions for advanced persistent threat detection
Mimecast Targeted Threat Protection offers a multi-layered approach to advanced persistent threat detection, defending against the three most common attack methods: malicious links, weaponized attachments and social-engineering.
Targeted Threat Protection – Impersonation Protect provides targeted attack protection by scanning all inbound email for the tell-tale signs of social-engineering tactics often used to dupe recipients into divulging information or transferring funds. Suspicious emails can be blocked, quarantined or tagged with a warning before being sent on to recipients.
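To make the "tell-tale signs" concrete, here is an added example (not Mimecast's code) of a toy inbound-email triage that checks three common impersonation signals and maps them to the block / quarantine / tag outcomes described above. The organization domain, protected names and the sample message are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed organisation settings (assumptions for this example, not Mimecast's).
ORG_DOMAIN = "example.com"
PROTECTED_NAMES = {"jane doe", "john smith"}  # staff attackers like to impersonate

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains such as exarnple.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def impersonation_signals(raw_email: str) -> list[str]:
    """Return the tell-tale signs of impersonation found in one RFC 5322 message."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signals = []
    # 1. A trusted display name arriving from outside the organisation.
    if name.strip().lower() in PROTECTED_NAMES and domain != ORG_DOMAIN:
        signals.append("display-name impersonation")
    # 2. A sender domain one or two edits away from ours (homoglyph / typo-squat).
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        signals.append("lookalike domain")
    # 3. Replies silently redirected to a different mailbox.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        signals.append("reply-to mismatch")
    return signals

def disposition(signals: list[str]) -> str:
    """Map the number of signals to the page's three outcomes plus plain delivery."""
    if len(signals) >= 3:
        return "block"
    if len(signals) == 2:
        return "quarantine"
    return "tag" if signals else "deliver"

# Constructed sample: spoofed exec name, lookalike domain, redirected replies.
SAMPLE = ("From: Jane Doe <jane.doe@exarnple.com>\r\n"
          "Reply-To: finance-desk@mail-relay.invalid\r\n"
          "To: accounts@example.com\r\nSubject: Payment\r\n\r\n"
          "Please process this wire transfer immediately.\r\n")
```

Running `disposition(impersonation_signals(SAMPLE))` on the constructed message yields "block"; a genuine internal message from jane.doe@example.com yields no signals and is delivered.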
Targeted Threat Protection – URL Protect prevents users from opening malicious URLs that can trigger an advanced persistent threat. Mimecast scans the links in all incoming and archived emails on every click and opens them only after the target sites have been determined to be safe.
Targeted Threat Protection – Attachment Protect preemptively sandboxes and scans attachments before they are delivered to employees. This advanced persistent threat detection solution can also convert or transcribe attachments to a safe format before passing them on to users.
Together, Mimecast’s email threat protection services provide a highly effective and integrated solution for detection of advanced persistent threats.
Learn more about advanced persistent threat detection with Mimecast.
FAQs: advanced persistent threat
How do advanced persistent threats work?
An advanced persistent threat uses malware to gain unauthorized access to a network. It remains undetected until launched to steal data, compromise the network, gather intelligence, or deploy additional malware.
Who are the main targets of advanced persistent threats?
The main targets of advanced persistent threat attacks are chosen for political or economic reasons. The intention is either to gain information for the purpose of disrupting government operations or to gain access to financial instruments and siphon funds. Consequently, any organization that interacts with the government and/or uses financial instruments is a target, which means that just about any large organization is a potential target.