The Rise of APTs
Advanced persistent threats (APTs) use continuous, stealthy, and clever hacking techniques to gain access to a system and stay inside for an extended period. Because of the effort needed to carry out these attacks, APTs are usually aimed at high-value targets, like governments and large corporations, to steal large amounts of information over a long period, rather than just “dropping in” and leaving quickly, as many hackers do during lower-level cyber attacks. In November 2020, the Russian-linked APT group Sofacy, also known as APT28 and Fancy Bear, spread COVID-19-themed phishing emails to infect devices with a backdoor called Zebrocy. Sofacy has been linked to numerous attacks on governments and businesses around the world. Other active APT groups are APT41 (Double Dragon), APT35 (Charming Kitten), APT33 (Elfin Team), APT38 (Lazarus Group), APT37 (Ricochet Chollima) and APT29 (Cozy Bear).
APTs should be on the radar of large businesses and governmental entities everywhere. However, that doesn’t mean that smaller or medium-sized businesses can ignore this type of attack. APTs are increasingly targeting smaller companies that form part of the supply chain of their ultimate target as a way of gaining access to those larger organizations. They use these smaller companies, which tend to be less well-defended, as stepping-stones.
APT attacks occur in stages:
Stage One: Gain Access to the Target
Cybercriminals gain entry to a network through an infected file, spam email, or an application vulnerability, and then insert malware into the target.
Stage Two: Deepen Access to the Most Sensitive Data on the Network
Once inside, hackers use password cracking to obtain administrator rights, giving them control over more of the system and even greater access.
Stage Three: Move Laterally
Once administrator rights are achieved, hackers move around at will. They also attempt to access other servers and other parts of the network.
Look and Learn
From the inside, hackers can fully understand a network and its vulnerabilities, allowing them to harvest data at will.
Hackers can keep this process running indefinitely or withdraw once they accomplish their goals. They will often leave backdoor access in place for future use.
Because corporate cybersecurity tends to be more sophisticated than a home user’s, the attackers often require someone on the inside to achieve entry. That doesn’t necessarily mean that a staff member knowingly participates in the attack. It usually involves social engineering techniques, such as whaling or spear phishing.
The major danger of APT attacks is that even after discovery, hackers may have left multiple backdoors open that allow them to return at will. Additionally, many traditional cyber defenses, like antivirus programs and firewalls, can’t always protect against these kinds of attacks.