Effective URL: https://www.pluralsight.com/blog/security-professional/advanced-persistent-threat-attacks?mkt_tok=MzA2LURVUC03NDUAAAGAhS51iK...
ADVANCED PERSISTENT THREAT ATTACKS

OCTOBER 21, 2021



Since 2003, October has served as Cyber Security Awareness month. The
designation was a collaborative effort between the U.S. Department of Homeland
Security and the National Cyber Security Alliance to ensure the safety of
individuals online. The designation was born from the realization that
increasing numbers of Internet users meant an increasing number of cyber
threats.

In honor of the designation, we wanted to bring awareness to one particular
threat that could be detrimental to your organization: Advanced Persistent
Threat (APT) attacks. CIOs, business leaders and learners need to be aware of
what APT attacks are and how they work.

First, let's look at what APT attacks are.

What are Advanced Persistent Threat attacks?


An APT is a threat, often delivered as malware, that first gets into an
environment by some means and then stays there for an extended period to do its
damage (the "Persistent" part). Once in, the remote attacker directs the
implanted code to probe and then compromise the environment, for example by
leaking sensitive data (the "Advanced" part).

Installing antivirus software is not sufficient protection against APT attacks.
Countering the threat of APT attacks requires a combination of processes and
tools.

How do APT attacks work?

An APT's hallmark features are persistence and stealth once it is inside.

Since there isn't one pattern to the APT, I'll give one example: the Target data
breach carried out with a "RAM scraper" attack. This incident is a bit dated,
but it has all the components of an APT attack. In that attack the attacker
stole about 40 million credit card records from Target's Point-of-Sale (POS)
devices over a 3-week period.

This was an APT attack because, once the attacker gained access to Target's
environment via a compromised vendor, the threat probed and then found its way
to the POS systems (the "Advanced" part). It reportedly stuck around for about
three weeks (the "Persistent" part) to steal credit card data via malware dubbed
the "RAM scraper". In most cases, as in the Target example, there are three main
stages to the attack:

 1. Infiltration
 2. Prolonged stealthy activity
 3. Exfiltration

It's also important to remember that these attacks can be stopped at any one of
these stages.

Infiltration Stage

Preventing the initial infiltration requires strong access control. In Target's
case, the attacker impersonated a valid vendor by stealing that vendor's login
credentials to Target's vendor portal. Multi-factor authentication might have
mitigated this. But there are myriad ways an attacker can get an initial
foothold, so organizations need to implement best practices around their
network, application and endpoint security.

Prolonged stealthy activity Stage

Once in, an APT will usually conduct stealthy activity inside the environment
such as probing, installing malware, and so on. Organizations need processes and
tools for detecting and stopping abnormal activities and behaviors. Detecting
anomalies starts from knowing the "normal" or baseline activity. Once you have
the baseline, use tools such as an Intrusion Detection System (IDS), Database
Activity Monitoring (DAM), File Integrity Monitoring (FIM) and Security
Information and Event Management (SIEM) solutions to detect and respond to the
threat.

Also, in the "Advanced" part of an APT, the attacker remotely accesses the
target's environment, so companies should be vigilant in monitoring any network
traffic coming into their environment via the firewall and IDS. However, this
remote access may be initiated from inside the company using compromised
endpoints and malware, so monitoring connections both inbound and outbound is
necessary.
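To make the "baseline first, then look for deviations" idea concrete, here is an added example (not from the article or from any of the tools it names) that compares outbound connections against a known-good baseline and also flags connection pairs with near-constant timing, the kind of periodic outbound activity the article later attributes to the Target exfiltration scripts. The log lines, host names and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
# Constructed sample outbound-connection records (not from the article):
# "<ISO timestamp> <source host> <destination>:<port>"
BASELINE_LOG = """\
2021-10-01T09:00:00 pos-01 10.0.5.20:443
2021-10-01T09:05:00 pos-01 10.0.5.21:1433
2021-10-01T09:10:00 pos-02 10.0.5.21:1433
"""
# A later window in which pos-01 starts contacting an outside host every hour.
NEW_LOG = """\
2021-10-08T09:00:00 pos-01 10.0.5.20:443
2021-10-08T09:00:00 pos-01 203.0.113.9:443
2021-10-08T10:00:00 pos-01 203.0.113.9:443
2021-10-08T11:00:00 pos-01 203.0.113.9:443
2021-10-08T12:00:00 pos-01 203.0.113.9:443
2021-10-08T09:30:00 pos-02 10.0.5.21:1433
"""
def parse(text):
    """Turn log lines into (timestamp, src, dst) tuples."""
    rows = (line.split() for line in text.splitlines())
    return [(datetime.fromisoformat(t), s, d) for t, s, d in rows]

def build_baseline(records):
    """Per host, the set of destinations seen in the known-good window."""
    seen = defaultdict(set)
    for _, src, dst in records:
        seen[src].add(dst)
    return seen

def new_destinations(baseline, records):
    """(host, dst) pairs the host never contacted during the baseline."""
    return sorted({(s, d) for _, s, d in records if d not in baseline[s]})

def periodic_pairs(records, min_hits=4, max_jitter=0.1):
    """Flag (host, dst) pairs whose connection gaps are nearly constant."""
    times = defaultdict(list)
    for ts, src, dst in records:
        times[(src, dst)].append(ts)
    flagged = []
    for pair, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter * mean(gaps):  # low jitter = scheduled
            flagged.append((pair, mean(gaps)))
    return flagged
```

Both checks are only as good as the baseline window: collect it from a period you have reason to believe was clean, and re-baseline after legitimate changes so that new business traffic does not drown real findings.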

Exfiltration Stage

Finally, an APT usually culminates in doing damage such as stealing confidential
or sensitive data. To mitigate the risk of a data breach, one must know what the
data is and where it is. Once you know what to protect, use tools such as Data
Loss Prevention (DLP) and endpoint security to prevent the exfiltration.

Mitigating risks from an APT requires first understanding your environment (i.e.
the baseline) so that you can detect and respond to anomalies. That takes
planning (e.g. identifying sensitive data, isolating resources, collecting
baselines), training (e.g. incident response exercises) and continuous
monitoring. It also calls for applying security best practices (e.g. defense in
depth, separation of duties, least privilege). Mitigating risks from APT attacks
also takes investment in money, people and time.

Best practices organizations should consider for prevention 


If the threat cannot infiltrate the target environment, then the APT can be
stopped right at the onset. Examples of security control tools and best
practices would be:

 1. Network and host hardening to reduce exposure of resources to the threat

 2. Vulnerability management to reduce security weaknesses to those services
    that are exposed

 3. Network and application-level firewalls to stop unwanted traffic from coming
    in

 4. Strong access control to prevent impersonation and spoofing

 5. Endpoint security to prevent compromised end-user devices from becoming the
    entry point for the attacker

If the threat does infiltrate the target, then one must be able to detect the
APT activity. An APT will strive to be stealthy, but in the end its goal is to
compromise security. Detecting and responding to this stealthy but anomalous
behavior is the key to prevention. Examples of security control tools and best
practices would be:

 1. Network and host-based intrusion prevention systems to detect anomalous
    behavior

 2. File Integrity Monitoring (FIM) to detect access and tampering related to
    critical files

 3. Database Activity Monitoring (DAM) to detect unusual database queries and
    activities

 4. Security Information and Event Management (SIEM) to collect, correlate and
    analyze logs in near real time to detect trends that deviate from the
    baseline

 5. Endpoint Detection and Response (EDR) to detect and respond to malicious
    activities on the endpoint

Finally, if the mitigation efforts fail to stop the APT from entering and
snooping inside the environment, you want to reduce the risk of damage. A
threat, in general, seeks to compromise the confidentiality, integrity and
availability (CIA) of your systems. Prominent examples of APTs have stolen
sensitive data (e.g. the Target data breach, the Panama Papers data breach) and
tampered with systems and data (e.g. Stuxnet). Examples of security control
tools and best practices in this case would be:

 1. Data Loss Prevention (DLP) with endpoint security to prevent sensitive data
    from leaving the network or end-user devices

 2. Strong data encryption to reduce the usefulness of data even if it is
    stolen

 3. Data Rights Management (DRM) solutions to control access and usage, and to
    track data once it has been "distributed" to the attacker

If an organization is already suffering from an APT attack, then it must
eradicate the threat from its environment. So, let's look at how to combat
something like the Target data breach.


How to combat an APT attack

First, you discover to your horror that millions of records have been breached.
That'll kickstart the response.

Second, now that you know what you lost, you need to stop the leak. You do that
by isolating the systems that may be causing the leak and by tightening the
rules on your DLP and EDR. Vigilantly monitor to confirm that no further leaks
are happening.

Now you can start the forensic work to figure out all the components and changes
that the APT may have put in place inside your environment without your
knowledge. In Target's case, it is reported that the APT installed malware on
the POS systems, created file shares, and placed scripts that periodically
exfiltrated the data to the Internet. Depending upon how extensive the APT
activities were, the forensic effort may be huge.

Once you are sure that your systems are back to working normally, put security
controls in place to prevent this from happening again.






Terumi Laskowsky, Cybersecurity Instructor

DevelopIntelligence, a Pluralsight Company

https://www.developintelligence.com/

 

In addition to teaching with DI, Terumi is an IT security consultant in Hawaii,
working with global companies in the U.S. and Japan. Her expertise includes
cloud security, application security and ethical hacking. 
