Just How Long Can an Advanced Persistent Threat Last?
What is the most complex cyberattack? While the answer is certainly up for debate, a leading candidate has to be APT: advanced persistent threat.
A good explanation of APT comes from Cisco. “An advanced persistent threat (APT) is a covert cyber-attack on a computer network where the attacker gains and maintains unauthorized access to the targeted network and remains undetected for a significant period. During the time between infection and remediation the hacker will often monitor, intercept, and relay information and sensitive data.”
What makes APT so complex? The need for prolonged stealth. If you want to rob a bank, you get in and out as fast as possible. That doesn’t require prolonged stealth. But if you want to move into the bank and live there and continue to steal over a long period of time, that takes quite a bit of stealth.
The scary thing about APT is that there’s generally no expiration date. And as long as it remains undetected, it will continue to do mischief.
How Long Can APT Last?
If an attacker is sophisticated enough to have the attack remain undetected, there’s really no way to know how long an APT can last. But there is evidence of them lasting at least a decade.
From SC Magazine, “Researchers on Wednesday discovered an advanced persistent threat group that targeted Indian dissidents and remained undetected for a decade or more, starting with simple phishing lures some 10 years ago and then graduating to providing links to files hosted externally in the cloud for manual download and execution by the victims.”
The most important question may not be how long an APT can last, but rather how they are ever detected. Or better yet, how can they be avoided altogether?
One Way to Avoid APT
The best way to defend against APT is not to detect it at all but to avoid it completely. And one very effective way to do that is with threat modeling.
APT can be an application problem or it can be an infrastructure problem, and threat modeling is one of the few cyber defense mechanisms that helps with both. Not only does threat modeling help you visualize every part of your application and infrastructure, but more importantly, it helps you visualize how all these parts communicate with each other. Those communication channels are where APTs reside.
If you can visualize how the different parts of your system communicate, you can also visualize how those channels would let an attacker reach other parts of the system once one part is compromised. And if you can visualize how an attacker can gain access to those parts, you can place appropriate controls there to protect the applications and infrastructure that are most vulnerable to APT attacks.
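To make the idea above concrete, here is a small added example (my own illustration, not ThreatModeler's code or any real deployment) of a data-flow threat model in Python. It records components with their trust zones and the channels between them, flags every channel that crosses a trust boundary without the controls the model's policy expects, and computes the "blast radius" of a compromised component: everything reachable over channels that do not authenticate the caller. The component names, zones, control labels and the three-control policy are all constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    zone: str                      # trust zone the component lives in (constructed labels)


@dataclass
class Flow:
    src: str                       # component name of the sender
    dst: str                       # component name of the receiver
    purpose: str
    controls: frozenset = frozenset()   # hypothetical control labels present on the channel


# Assumed policy: every channel that crosses a trust boundary should carry all of these.
BOUNDARY_CONTROLS = frozenset({"authentication", "encryption", "logging"})


def build_model():
    """Constructed sample system, not any real deployment."""
    comps = {c.name: c for c in [
        Component("browser", "internet"),
        Component("web", "dmz"),
        Component("db", "internal"),
        Component("admin_api", "internal"),
        Component("backup", "internal"),
    ]}
    flows = [
        Flow("browser", "web", "user HTTPS session",
             frozenset({"authentication", "encryption", "logging"})),
        Flow("web", "db", "SQL queries", frozenset({"authentication"})),
        Flow("web", "admin_api", "internal REST calls", frozenset()),
        Flow("db", "backup", "nightly dump", frozenset({"encryption"})),
    ]
    return comps, flows


def crosses_boundary(flow, comps):
    """A channel crosses a trust boundary when its endpoints sit in different zones."""
    return comps[flow.src].zone != comps[flow.dst].zone


def find_control_gaps(comps, flows):
    """Boundary-crossing channels missing a required control, with what to add."""
    gaps = []
    for f in flows:
        if crosses_boundary(f, comps):
            missing = sorted(BOUNDARY_CONTROLS - f.controls)
            if missing:
                gaps.append((f.src, f.dst, missing))
    return gaps


def blast_radius(start, flows):
    """Components an intruder who already holds `start` could reach over
    channels that demand no authentication of the caller (breadth-first)."""
    reached, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for f in flows:
            if f.src == node and "authentication" not in f.controls and f.dst not in reached:
                reached.add(f.dst)
                queue.append(f.dst)
    return sorted(reached)


if __name__ == "__main__":
    comps, flows = build_model()
    for src, dst, missing in find_control_gaps(comps, flows):
        print(f"{src} -> {dst}: add {', '.join(missing)}")
    print("reachable from a compromised web tier:", blast_radius("web", flows))
```

In this toy model the two internal channels out of the web tier are the ones that need attention: the database channel lacks encryption and logging (so a long-lived intruder on the web tier could read and relay data unobserved), and the admin API channel has no controls at all, which is exactly the kind of quiet lateral path an APT depends on. Adding authentication to that channel shrinks the web tier's blast radius to nothing.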
Find Out More
If you don’t learn to avoid APTs, it may be a while before you detect them. To discover how threat modeling in general and ThreatModeler in particular can help you avoid APTs, click here for a live demo.