advanced persistent threat (APT)
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization. APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry.
In a simple attack, the intruder tries to get in and out as quickly as possible in order to avoid detection by the network’s intrusion detection system (IDS). In an APT attack, however, the goal is not to get in and out but to achieve ongoing access. To maintain access without discovery, the intruder must continuously rewrite code and employ sophisticated evasion techniques. Some APTs are so complex that they require a full-time administrator.
An APT attacker often uses spear phishing, a type of social engineering, to gain access to the network through legitimate means. Once access has been achieved, the attacker establishes a back door.
The next step is to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. The back doors allow the attacker to install bogus utilities and create a ghost infrastructure for distributing malware that remains hidden in plain sight.
Although APT attacks are difficult to identify, the theft of data can never be completely invisible. Detecting anomalies in outbound data is perhaps the best way for an administrator to discover that his network has been the target of an APT attack.
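The following Python example is added here to illustrate the outbound-anomaly check described above; it is not part of the original definition. It compares each host's outbound volume for one day against that host's own history. The flow records, host names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records: (day, internal host, external destination, bytes out).
FLOWS = [(d, "ws-014", "198.51.100.7", b) for d, b in
         enumerate([40e6, 44e6, 38e6, 41e6, 43e6, 39e6, 42e6], start=1)]
FLOWS += [(d, "db-02", "198.51.100.9", b) for d, b in
          enumerate([5e6, 6e6, 5e6, 5e6, 6e6, 5e6, 5e6], start=1)]
# Day 8: ws-014 is normal; db-02's outbound volume jumps, spread over many flows.
FLOWS += [(8, "ws-014", "198.51.100.7", 45e6)]
FLOWS += [(8, "db-02", "203.0.113.50", 30e6) for _ in range(20)]


def daily_totals(flows):
    """Sum outbound bytes per (host, day) so many small flows still add up."""
    totals = defaultdict(lambda: defaultdict(float))
    for day, host, _dst, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def outbound_anomalies(flows, day, threshold=6.0, min_history=5):
    """Return {host: score} for hosts whose outbound volume on `day` is far
    above their own baseline. The score is a modified z-score (median and MAD),
    which one earlier spike skews far less than a mean and standard deviation."""
    flagged = {}
    for host, per_day in daily_totals(flows).items():
        history = [v for d, v in per_day.items() if d < day]
        if day not in per_day or len(history) < min_history:
            continue  # not enough history to judge this host
        base = median(history)
        mad = median(abs(v - base) for v in history)
        # A flat baseline gives MAD 0; fall back to 5% of the median as spread.
        spread = max(1.4826 * mad, 0.05 * base, 1.0)
        score = (per_day[day] - base) / spread
        if score > threshold:
            flagged[host] = round(score, 1)
    return flagged


if __name__ == "__main__":
    for host, score in outbound_anomalies(FLOWS, day=8).items():
        print(f"{host}: outbound volume {score} deviations above its baseline")
```

A per-host baseline matters here because a server that normally sends little data outbound stands out at volumes that would be routine for a busy workstation.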
This was last updated in November 2010