The Democratization of APT

APTs: The Battlefield and Rules of Engagement Have Changed


The early era of cyber security differed little from physical security.  To shield information technology (IT) from damage and keep client identity or financial data confidential, all a company needed to do was build a perimeter and surveil it.  From a purely technological perspective, cyber defense was simple—a firewall, secure email and antivirus software—but effective.

But that was then.  In 2015, shrewd social engineering combined with sophisticated software engineering is increasingly the determining factor in a successful cyber attack.  The advanced persistent threat (APT) is the textbook example.  By manipulating human emotions, or by convincingly replicating everyday communications (typically through "spear phishing"), APT operators get past network defenses, gain a foothold, install malicious software (malware) and, in the most capable cases, exploit previously unknown ("zero day") vulnerabilities.

Even worse, like mobile application software, smartphones or the Internet itself, APTs are no longer solely the property of the technologically elite but available for sale to anyone. 

Advanced Persistent Threats

Broadly speaking, the rise of the APT is a telltale sign of the changing paradigm in cyber security.  Today, a security breach is no longer a question of if, but when.  Organizations that ignore this new normal face real peril from APTs.  Additionally, by targeting the "weak link" in cyber security, people, APTs merge 21st century technology with predatory cunning.

Every day, more and more people are using the Internet, sharing personal details, contact information and professional backgrounds across a slew of social media.  Not only that, but banking, insurance and medical data is now available electronically. 

Phishing is predicated on the comfort and familiarity people have with interacting online and navigating a website by clicking links.  Meanwhile, social media—Facebook, LinkedIn—are fertile ground for reconnaissance.  Done right, that espionage is effective.  Even immediately following a training session on cyber security, BAE Systems Applied Intelligence has found that more than 1% of attendees still clicked on suspect links. 


Once the perimeter is breached, the goal of an APT is to hide among normal network traffic, blending in while carrying out its mission with devastating efficiency.  In 2014, a data breach at insurance provider Anthem resulted in Social Security information being stolen from 80 million people, while a similar breach at Home Depot compromised 65 million email addresses.  Retailer Target incurred expenses estimated to total $162 million in 2013 and 2014 for its breach, according to earnings reports from early 2015.

That kind of track record is a readymade soft sell, and the emerging services-based cyber crime economy is rising to meet black market demand for APT tooling.  Now bought and sold on the dark web, APT capabilities are no longer reserved for nation-state espionage, nor do they need to be especially sophisticated to succeed.  The bottom line is that the barrier to entry for would-be attackers is falling as the cyber-crime-as-a-service sector grows, so the threat from APTs is growing rapidly with it.

However, by deploying detection capabilities that can find the suspicious behavior APTs and their malware leave behind in IT systems, companies can detect and neutralize APTs before they complete their objectives.

For example, detection systems can keep watch for anomalous network behavior, such as a server communicating with another server it has no previous record of talking to, or an exchange of information that has never appeared before.  That analysis cannot be done manually: an intrusion will normally lie dormant for long periods, and its stages are now staggered over weeks or months, so the telltale connections are sparse and spread thinly across a large volume of ordinary traffic.
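The "server talking to a server it has never talked to before" check described above, as an added example that is not part of the original article or any vendor's product: it learns a baseline of server-to-server (source, destination, port) pairs from a learning window of flow records, then raises one alert the first time a pair outside that baseline appears, and aggregates first-seen pairs per source host so that a staggered, low-and-slow intrusion still stands out. The flow records, host addresses and the seven-day learning window are constructed for the example.

```python
"""First-seen peer detection over NetFlow-style records.

Added example (not from the article). Hosts, timestamps and byte counts
below are constructed; the record format is assumed to be
"timestamp src dst dport bytes", one flow per line.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flows. The first four lines are routine web-tier to
# app-tier traffic; the 10.0.1.10 -> 10.0.3.30:445 flows two weeks later are
# the kind of never-before-seen, off-hours, high-volume connection the text
# describes. All addresses are hypothetical.
SAMPLE_FLOWS = """\
2015-03-01T09:00:00 10.0.1.10 10.0.2.20 443 5120
2015-03-01T09:05:00 10.0.1.11 10.0.2.20 443 4096
2015-03-02T09:00:00 10.0.1.10 10.0.2.20 443 5300
2015-03-03T10:00:00 10.0.1.11 10.0.2.20 443 4000
2015-03-15T02:13:00 10.0.1.10 10.0.3.30 445 900000
2015-03-16T02:14:00 10.0.1.10 10.0.3.30 445 910000
2015-03-17T03:00:00 10.0.1.11 10.0.2.20 443 4100
"""


def parse_flows(text):
    """Parse the assumed whitespace-separated flow format into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "dst": dst,
            "dport": int(dport),
            "bytes": int(nbytes),
        })
    return flows


def build_baseline(flows, learn_days):
    """Collect every (src, dst, dport) seen in the first learn_days of data.

    Caveat: if the attacker is already inside during the learning window,
    their traffic is baselined as normal, so the window should predate any
    suspected compromise.
    """
    start = min(f["ts"] for f in flows)
    cutoff = start + timedelta(days=learn_days)
    known = {(f["src"], f["dst"], f["dport"]) for f in flows if f["ts"] < cutoff}
    return known, cutoff


def detect_first_seen(flows, learn_days=7):
    """Return one alert per (src, dst, dport) pair first seen after the baseline."""
    known, cutoff = build_baseline(flows, learn_days)
    seen = set(known)
    alerts = []
    for f in sorted(flows, key=lambda f: f["ts"]):
        if f["ts"] < cutoff:
            continue
        key = (f["src"], f["dst"], f["dport"])
        if key in seen:
            continue
        seen.add(key)  # alert once per pair, not once per packet or flow
        alerts.append({
            "first_seen": f["ts"],
            "src": f["src"],
            "dst": f["dst"],
            "dport": f["dport"],
            "bytes": f["bytes"],
        })
    return alerts


def new_peers_per_source(alerts):
    """Count distinct new (dst, dport) pairs per source host.

    A staggered intrusion shows up as a trickle of first-seen pairs from one
    host over weeks, which is easy to miss alert by alert but obvious here.
    """
    counts = defaultdict(int)
    for a in alerts:
        counts[a["src"]] += 1
    return dict(counts)


if __name__ == "__main__":
    found = detect_first_seen(parse_flows(SAMPLE_FLOWS), learn_days=7)
    for a in found:
        print(f"{a['first_seen']} first-seen {a['src']} -> {a['dst']}:{a['dport']} "
              f"({a['bytes']} bytes)")
    print("new peers per source:", new_peers_per_source(found))
```

Two design points matter in practice. The alert is keyed on the deduplicated tuple, so a repeating connection raises exactly one alert rather than flooding the analyst, and the first alert must therefore be preserved rather than aged out. And because the baseline is only as clean as the learning window, this check is a detection of change, not of malice: a new legitimate service will also trigger it, so the per-source aggregation and the byte count are what turn a first-seen pair into something worth investigating.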

But, because APTs are reliant on social engineering, companies can make significant progress in mitigating the threat of APTs by educating employees outside of the IT department.  As mentioned earlier, cyber criminals spend time researching staff to gain access.  Making personnel aware of how they are being targeted will reduce vulnerability. 

However, the biggest lesson we can learn from APTs is that the world of cyber defense is no longer black and white.

The industry has had a difficult time shifting its point of view and understanding that cyber protection is no longer about keeping risk out but about protecting its assets and its business.  Though time for reflection in cyber defense is scarce, what APTs have shown us above all else is that while the battlefield and rules of engagement have changed, the people fighting the battle remain as committed as ever.
