Advanced persistent threat

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.[1][2] In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.[3]

Such threat actors' motivations are typically political or economic.[4] Every major business sector has recorded instances of cyberattacks by advanced actors with specific goals, whether to steal, spy, or disrupt. These targeted sectors include government, defense, financial services, legal services, industrial, telecoms, consumer goods and many more.[5][6][7] Some groups use traditional espionage tradecraft, including social engineering, human intelligence and physical infiltration of a target site, to obtain the initial foothold for a network intrusion; the aim of these intrusions is to install custom malware (malicious software) inside the target network.[8]

APT attacks on mobile devices have also become a serious concern, since attackers who compromise cloud and mobile infrastructure are able to eavesdrop on, steal, and tamper with data.[9]

The median "dwell time", the time an APT intrusion goes undetected (from the first evidence of compromise to its detection), differs widely between regions. FireEye reported the median dwell time for 2018 as 71 days in the Americas, 177 days in EMEA, and 204 days in APAC.[5] Such long dwell times give attackers ample time to work through the attack cycle, propagate, and achieve their objectives.
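As an added example (not part of this article or of the FireEye report) of how a dwell-time figure of this kind is derived, the following Python computes dwell time per intrusion from the first evidence of compromise to the date of detection and reports both the median and the mean per region. The incident dates are constructed sample data, and the region names serve only as grouping labels. It also shows why the median is the more robust headline metric: a single long-running intrusion pulls the mean well above the median.

```python
"""Dwell-time computation over a constructed set of incidents.

Added example; the incidents below are made up and do not describe real cases.
"""
from collections import defaultdict
from datetime import date
from statistics import mean, median

# Constructed sample incidents: (region, first evidence of compromise, detection date).
INCIDENTS = [
    ("Americas", date(2018, 1, 10), date(2018, 3, 1)),
    ("Americas", date(2018, 2, 5), date(2018, 4, 30)),
    ("Americas", date(2018, 5, 1), date(2019, 2, 1)),   # long-tail intrusion, skews the mean
    ("EMEA", date(2018, 1, 1), date(2018, 6, 30)),
    ("EMEA", date(2018, 3, 15), date(2018, 9, 1)),
    ("APAC", date(2017, 11, 1), date(2018, 6, 1)),
    ("APAC", date(2018, 2, 1), date(2018, 8, 20)),
]


def dwell_days(first_evidence: date, detected: date) -> int:
    """Days between the earliest evidence of compromise and detection."""
    if detected < first_evidence:
        raise ValueError("detection date precedes first evidence of compromise")
    return (detected - first_evidence).days


def dwell_days_iso(first_evidence: str, detected: str) -> int:
    """Same as dwell_days, taking ISO-8601 date strings as found in incident tickets."""
    return dwell_days(date.fromisoformat(first_evidence), date.fromisoformat(detected))


def dwell_by_region(incidents) -> dict:
    """Group dwell times by region and report count, median and mean (days)."""
    by_region = defaultdict(list)
    for region, first, detected in incidents:
        by_region[region].append(dwell_days(first, detected))
    return {
        region: {"n": len(days), "median": median(days), "mean": round(mean(days), 1)}
        for region, days in by_region.items()
    }


if __name__ == "__main__":
    for region, stats in dwell_by_region(INCIDENTS).items():
        print(f"{region:9s} n={stats['n']} median={stats['median']} mean={stats['mean']}")
```

In the constructed data the Americas median is 84 days while the mean is 136.7 days; the difference is entirely due to the one intrusion that ran for 276 days, which is why reports such as M-Trends publish the median rather than the mean.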

  1. ^ "What Is an Advanced Persistent Threat (APT)?". www.kaspersky.com. Archived from the original on 22 March 2021. Retrieved 11 August 2019.
  2. ^ "What Is an Advanced Persistent Threat (APT)?". Cisco. Archived from the original on 22 March 2021. Retrieved 11 August 2019.
  3. ^ Maloney, Sarah. "What is an Advanced Persistent Threat (APT)?". Archived from the original on 7 April 2019. Retrieved 9 November 2018.
  4. ^ Cole., Eric (2013). Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization. Syngress. OCLC 939843912.
  5. ^ a b "M-Trends Cyber Security Trends". FireEye. Archived from the original on 21 September 2021. Retrieved 11 August 2019.
  6. ^ "Cyber Threats to the Financial Services and Insurance Industries" (PDF). FireEye. Archived from the original (PDF) on 11 August 2019.
  7. ^ "Cyber Threats to the Retail and Consumer Goods Industry" (PDF). FireEye. Archived from the original (PDF) on 11 August 2019.
  8. ^ "Advanced Persistent Threats: A Symantec Perspective" (PDF). Symantec. Archived from the original (PDF) on 8 May 2018.
  9. ^ Au, Man Ho (2018). "Privacy-preserving personal data operation on mobile cloud—Chances and challenges over advanced persistent threat". Future Generation Computer Systems. 79: 337–349. doi:10.1016/j.future.2017.06.021.