APT, or Advanced Persistent Threat, describes cyber attacks mounted by organizational teams that have deep resources, advanced penetration skills and specific target profiles, and that are remarkably persistent in their efforts. They tend to use stealthy tactics and sophisticated custom malware that can circumvent most defenses, and they demonstrate good situational awareness by evaluating defenders' responses and escalating their attack techniques accordingly.
When Compromise is No Longer an Option – [mandiant.com]
The Advanced Persistent Threat (APT) is a sophisticated and organized cyber attack to access and steal information from compromised computers. The intruders responsible for the APT attacks target the Defense Industrial Base (DIB), financial industry, manufacturing industry, and research industry. The attacks used by the APT intruders are not very different from any other intruder. The main differentiator is the APT intruder’s perseverance and resources. They have malicious code (malware) that circumvents common safeguards such as anti-virus and they tend to generate more activity than wanton “drive by hacks” on the Internet. The intruders also escalate their tools and techniques as a victim firm’s capability to respond improves. Therefore, the APT attacks present different challenges than addressing common computer security breaches.
Defense Industrial Base Cybersecurity – [isalliance.org]
DIB member networks are routinely exposed to hostile intelligence collection as a result of our adversary’s ability to exploit end users and basic network vulnerabilities to gain deep access to proprietary networks. The fundamental problem the defense industry, and perhaps all industries face, is the inherent anonymity of the internet. Almost all our most serious problems stem from the fact that it is too easy to disguise your identity and location. Spam, spoofed e-mail addresses, multi-hopping exploits, and third party domain registration all serve to make internet crime and intellectual property theft all but impossible to prevent. To date, little has been done to raise the costs to the adversary for perpetrating cyber-based crimes against this country’s industries and government.
The US is facing a severe national security challenge from a pervasive, deep penetration of government and private industry information networks by foreign intelligence and organized criminal entities. These efforts have the potential to erode the nation’s position as a world leader in S&T innovation and competitiveness. Foreign intelligence services and sophisticated criminal enterprises have discovered that US government and private sector information, once unreachable or requiring years of expensive technological or human asset preparation to obtain, can now be accessed, inventoried, and stolen with comparative ease.
Under Cyberthreat: Defense Contractors – [businessweek.com]
Most of the attacks in about the last three to four years have [involved] legitimate credentials. The analogy would be that they had a set of keys to your home and they know the codes to your alarm system at home so they can enter and leave as they please, without leaving a track unless you’re looking for things like entering during an abnormal hour of the day when you’re at work.
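The abnormal-hour check mentioned in the excerpt above can be sketched as a per-user login-hour baseline. This is an added example, not part of the quoted article; the log format, field names, sample lines and the `tolerance` and `min_hours` thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample lines in a hypothetical log format; not real data.
HISTORY = [
    "2024-03-04T08:55:10 user=alice result=success",
    "2024-03-05T09:10:42 user=alice result=success",
    "2024-03-06T17:40:03 user=alice result=success",
    "2024-03-05T22:15:00 user=bob result=success",
    "2024-03-06T23:50:12 user=bob result=success",
]
NEW_EVENTS = [
    "2024-03-12T09:20:00 user=alice result=success",
    "2024-03-12T03:14:07 user=alice result=success",
    "2024-03-12T03:20:00 user=alice result=failure",
    "2024-03-12T00:30:00 user=bob result=success",    # wraps past midnight
    "2024-03-12T10:00:00 user=carol result=success",  # no history
]

def parse(line):
    """Split one line into (datetime, user, result)."""
    stamp, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(stamp), kv["user"], kv["result"]

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    return min((a - b) % 24, (b - a) % 24)

def build_baseline(lines):
    """Map each user to the set of hours with a successful login."""
    hours = defaultdict(set)
    for when, user, result in map(parse, lines):
        if result == "success":
            hours[user].add(when.hour)
    return hours

def flag_unusual(lines, baseline, tolerance=1, min_hours=2):
    """Return (user, timestamp, reason) for successful logins off-baseline."""
    alerts = []
    for when, user, result in map(parse, lines):
        if result != "success":
            continue  # use of valid credentials appears as a successful login
        known = baseline.get(user, set())
        if len(known) < min_hours:
            alerts.append((user, when.isoformat(), "no baseline"))
        elif min(hour_distance(when.hour, h) for h in known) > tolerance:
            alerts.append((user, when.isoformat(), "unusual hour"))
    return alerts

print(flag_unusual(NEW_EVENTS, build_baseline(HISTORY)))
```

Accounts with too little history are reported separately as "no baseline" rather than silently passed, and the hour comparison wraps around midnight so a late-evening worker logging in at 00:30 is not flagged.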