CSO: CSO's guide to Advanced Persistent Threats
In this series of articles, we examine the processes, tools, and methods used by criminals during a targeted attack

By Steve Ragan
January 27, 2014

APTs are both nightmares and the stuff of legend for business leaders and security managers across the globe. Advanced Persistent Threat, or APT, is one part marketing and one part generic description. APT-based incidents are hard, if not outright impossible, to prevent, making them the type of incident that often requires well-defined response and recovery plans, with the objective being harm reduction and loss mitigation. This is because it's an unfortunate reality that once an APT-based incident has been discovered, it's often too late to do anything else.

In this series, we examine the processes, tools, and methods used by criminals during a targeted attack. In addition, we define the difference between an actual APT event and a passive attack, something both the media and various sales and marketing teams confuse. Overall, the takeaway is that it's entirely possible to defend against attacks of all types and sizes, but it isn't easy.

The topics covered in this guide are reconnaissance, weaponization and delivery, exploitation and installation, command and control, and exfiltration. *Please note that CSO Insider registration is required to access all parts of this series.*
