Advanced Persistent Adversaries
Have you ever seen a movie where an incredible heist was perpetrated? Maybe a major Las Vegas casino’s vault was emptied or a highly improbable target like the White House was robbed. To pull off heists of this magnitude, an “all-star” team of criminals was required—each having exceptional skills and dedicated roles.
You might be surprised to learn that IT assets in the real world are under attack by similar “all-star” teams—called advanced persistent threats (APTs). Like the movie teams, APTs are highly skilled, well funded, and use sophisticated multi-modal multi-step attacks against their targets. Unlike typical hackers who often are seeking monetizable information, such as protected personal information, APTs want to quietly “live” in a system and siphon off sensitive intangible information like product research. As such, APTs are significant threats and require different sets of controls.
To prepare for this Discussion, search the Internet and review 2–3 instances of recent APT attacks that have occurred in the last five years.
Explain the techniques the APTs used.