CHAPTER 8

Retrospective Analysis

An advanced persistent threat (APT) is a targeted attack that is stealthy and can maintain its presence in victimized systems for months, if not years, without detection. Infiltration by an APT typically begins with a prolonged campaign against a specific target. The “advanced” aspect of an APT does not necessarily imply that the attack is based on advanced technology, but rather that the attack deploys a combination of methods, ranging from traditional techniques to custom code, in the course of the assault. The attackers have complete situational awareness and adapt their approach as the attack progresses. Because APTs are typically launched by well-funded and well-organized entities, the attack objectives are focused and specific, such as acquiring military or commercial intelligence or inflicting some type of damage. The “persistent” aspect of an APT therefore comes from the fact that the attack will not stop until infiltration has succeeded and the intended objectives have been achieved.

Because APTs are not traditional threats, they cannot be treated as traditional threats, and traditional security mechanisms are ineffective at detecting and defending against them. For example, of all the known APTs that have been uncovered, none has ever triggered an IDS. The lack of visible symptoms does not imply that security compromises do not exist or that exfiltration of sensitive data is not already underway. Therefore, planning, designing, ...
