Advanced Persistent Threats
Advanced persistent threats (APTs) have emerged as legitimate concerns for all organizations. APTs are threat actors that breach networks and infrastructures and stealthily lurk within them over extended spans of time. They typically perform complex hacks that allow them to steal or destroy data and resources.
According to Accenture, APTs have been organizing themselves into groups that enable them to share tactics and tools to carry out attacks at scale. Russian group Silence APT, for instance, has been reported to be actively targeting financial institutions and to have successfully stolen millions of dollars from various banks worldwide.
Smaller organizations also need to be wary of such threats. APT groups use automated tools and botnets to gain access to networks, and these tactics don’t discriminate based on size, industry, or value. Any vulnerable infrastructure can be breached. It is now critical for all organizations to understand how APTs operate and to implement the security measures needed to mitigate them.
Signs that an APT may be lurking
APTs operate covertly, so organizations may not even realize that they have been breached until something goes seriously wrong. InfoTrax Systems, for example, was only able to detect a years-long breach after its servers’ storage was maxed out. IT teams have to look out for indications that an APT might be lurking within the network.
A few distinct signs include:
Excessive logins — APTs typically rely on compromised access credentials to gain routine access to networks. They can either attempt brute-force logins using login name and password credential dumps or use legitimate credentials stolen through social engineering and phishing attacks. Excessive or suspicious login activity, especially at odd hours, is often attributable to APTs.
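One way to check authentication logs for the "excessive logins" sign described above. This is an added example, not part of the original article; the log format, the thresholds, the working hours and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: timestamp (local time), user, source IP, outcome.
SAMPLE_LOG = """\
2024-03-04T09:02:11 alice 198.51.100.10 OK
2024-03-04T02:10:01 admin 203.0.113.7 FAIL
2024-03-04T02:10:03 alice 203.0.113.7 FAIL
2024-03-04T02:10:05 bob 203.0.113.7 FAIL
2024-03-04T02:10:08 carol 203.0.113.7 FAIL
2024-03-04T02:10:11 dave 203.0.113.7 FAIL
2024-03-04T02:10:15 dave 203.0.113.7 OK
2024-03-04T03:30:00 bob 198.51.100.10 OK
"""

FAIL_THRESHOLD = 5             # assumed: failures per source inside the window
WINDOW_SECONDS = 300           # assumed: sliding window length
WORK_HOURS = range(7, 20)      # assumed: normal logins fall between 07:00 and 19:59

def parse(log):
    """Yield (timestamp, user, source, outcome) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, user, src, outcome = line.split()
            yield datetime.fromisoformat(ts), user, src, outcome

def detect(log):
    """Return findings as (kind, source, detail) tuples in time order."""
    findings = []
    fails_by_src = defaultdict(list)   # source -> [(timestamp, user)]
    for ts, user, src, outcome in sorted(parse(log)):
        # Drop failures from this source that fell out of the window.
        fails = [(t, u) for t, u in fails_by_src[src]
                 if (ts - t).total_seconds() <= WINDOW_SECONDS]
        if outcome == "FAIL":
            fails.append((ts, user))
            if len(fails) == FAIL_THRESHOLD:
                # Detail is the number of distinct usernames tried by this source.
                findings.append(("excessive_failures", src, len({u for _, u in fails})))
        else:
            if len(fails) >= FAIL_THRESHOLD:
                findings.append(("success_after_failures", src, user))
            if ts.hour not in WORK_HOURS:
                findings.append(("off_hours_login", src, user))
        fails_by_src[src] = fails
    return findings

if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```

A successful login that follows a burst of failures from the same source is the finding to triage first, since it suggests one of the tried credentials worked.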