Advanced persistent threat
Advanced persistent threat definition
An advanced persistent threat (APT) is a criminal group that gains access to a network and performs malicious activities. The group’s aim is to stay undetected for as long as possible. Advanced persistent threats usually target large corporations or government organizations, but they can also be used in a fight between hostile nations.
How is APT different from a regular cyberattack?
In a regular cyberattack, hackers strike fast and retreat even faster to cover their tracks and avoid being caught. An APT can last for years and include cyber espionage. An APT attack proceeds in stages:
- The attackers gain access through phishing or security loopholes.
- They create a backdoor and deploy malware inside the network.
- The attackers try to get further high-level access.
- Once the attackers are sure they can access data unnoticed, they start stealing it.
- To ensure they stay undetected for as long as possible, the attackers cover their tracks and disconnect, leaving behind a backdoor in case they need to come back.
Protection against APT attacks
- Update software. Exploiting known vulnerabilities is one of the ways hackers can get into a system. Install updates as soon as they become available.
- Train staff. A basic understanding of social engineering and general cybersecurity knowledge is essential in any workplace, so companies must train employees to recognize threats.
- Control access. A business must carefully evaluate which employees should have access to which parts of the system or network and how these permissions are changed or acquired. Also, users should never share login credentials in plaintext; use a password manager instead.
- Use security software. Tools like a VPN and an antivirus are a great addition to any personal or work device. Use NordVPN to get both — it will encrypt your connections and protect your devices from malware and your users from trackers, ads, and phishing attacks.