As the threat landscape continues to evolve, a new breed of hackers with advanced skills has arisen, producing far more sophisticated attacks often called advanced persistent threats (APTs).
All APTs are defined by a few key characteristics. First, an APT utilizes sophisticated tools and techniques primarily because they are the product of true professionals — not inexperienced amateurs or “script kiddies.”
APTs are also stealthy, often playing the long game. The recently discovered DarkHotel attack (discussed here), which remained undetected for an estimated seven years, is a prime example. These attacks are not hit-and-run. Instead, the attacker infiltrates the target quietly and maintains a position inside the network, gathering information for an extended period of time.
One of the most telling, but less discussed, characteristics of an APT is the targeted nature of the attack. Unlike the mass attacks that are constantly in the news, APTs hand-tailor their activities for specific organizations and specific goals. In many cases, an APT is run by national intelligence services (formally or informally) or by organized crime. Typical targets include governments, large organizations, and organizations with access to particularly valuable or important information. A chosen target for one APT may not be of interest to another. For instance, a small human rights group might be a target of an APT run by the government it is resisting, but not of other APTs.
APTs are at the leading edge of a larger trend towards more targeted attacks. Targeting is being adopted because it can yield much higher returns, is less likely to be detected, and prolongs the useful life of new exploits.
Detection and defense in depth are key to protecting against APTs. Their advanced tools are very likely to succeed in compromising target systems, so ensuring that attacks are contained and eliminated once inside is critical. However, judicious use of anonymity can often sidestep a targeted attack entirely, because an attacker cannot tailor an intrusion to a target it cannot identify.