User:Dephiant08/Advanced persistent threat

This is the sandbox page where you will draft your initial Wikipedia contribution.

If you're starting a new article, you can develop it here until it's ready to go live.

If you're working on improvements to an existing article, copy only one section at a time of the article to this sandbox to work on, and be sure to use an edit summary linking to the article you copied from. Do not copy over the entire article. You can find additional instructions here.

Remember to save your work regularly using the "Publish page" button. (It just means 'save'; it will still be in the sandbox.) You can add bold formatting to your additions to differentiate them from existing content.

Bibliography sandbox

Article Draft

Lead

An advanced persistent threat (APT) is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Article body

An advanced persistent threat is compound attacks that utilize multiple stages and different attack techniques. They are performed by person or organization that deliberately plans attack campaigns of intellectual property theft using cyber-methods such as malware distribution centers that support on crimeware and espionage.^[1]

When it comes to advanced persistent threats, there should be protection on multiple levels across the enterprise. The should include defense-in-depth strategies that consist of SL VPNs, UTM, IDPS systems, and sandboxes. ^[2]

Gartner suggests, “Application Whitelisting is the most valuable counter-APT strategy any organization can adopt. It forms a strong layer of protection against the viable components of APT, as well as for as-yet-unknown ones.”^[3]

Advanced Persistent Threat (APT) groups are organized hacking and cyber intelligence actors, including individuals or groups. APT groups infiltrate corporations and governments, participating in espionage and sometimes hack financial institutions to fund their activities and people of their sponsoring organization. APT groups plan to steal data, disrupt operations, or destroy infrastructure. These attackers engage in their objectives over months or years. They adapt to cyber defenses and frequently retarget the same victim. The actors behind APTs are typically a gaggle of skilled hackers, working in a coordinated way. APT attacks are sly, having the power to stay unnoticed, obscuring themselves within enterprise network traffic, and interacting only enough to realize the defined objectives.

They may add a government/military cyber unit or be hired as cyber mercenaries by governments and personal companies. They are well-resourced from both financial and technical perspectives. This provides them with the power to figure for an extended period and have access (by development or procurement) to zero-day vulnerabilities and attack tools. Once they are state sponsored, they will even operate with the support of military or state intelligence.

APT actors follow a staged approach target, penetrate, and exploit your organization. Advanced Persistent Threat actors may use social engineering, a typical method, to accumulate information from your employees which will be valuable for exploit efforts. Phishing and spear-phishing are particularly effective ways to "distribute" malicious programs. APT actors may use various tools throughout the lifecycle process. This includes rootkits, exploit kits, downloader kits, drive-by downloads, DNS and routing modifications, use of rogue Wi-Fi devices, and almost any method which can prove useful. Most APT actors can also have resources to develop custom hacking tools and prepare zero-day exploits to be used. As an example, APT actors may use zero-day exploits to avoid signature-based detection, and encryption to obfuscate network traffic.

APT attacks are methodically premeditated, and typically have multiple steps involved. Although a selected APT attack may have its unique features, the stages of APT attacks are similar, and that they differ mostly within the procedures utilized in each stage. “A typical APT attack will have the next six phases: (1) reconnaissance and weaponization; (2) delivery; (3) initial intrusion; (4) command and control; (5) lateral movement; (6) data exfiltration”[4].

References^[2]

^ Tankard, Colin (2011-08). "Advanced Persistent threats and how to monitor and deter them". Network Security. 2011 (8): 16–19. doi:10.1016/s1353-4858(11)70086-1. ISSN 1353-4858. {{cite journal}}: Check date values in: |date= (help)
^ ^a ^b "What Is an Advanced Persistent Threat (APT)?". www.kaspersky.com. 2021-06-11. Retrieved 2021-06-28.
^ Durham, David (2014-08). "Mitigating exploits, rootkits and advanced persistent threats". 2014 IEEE Hot Chips 26 Symposium (HCS). IEEE. doi:10.1109/hotchips.2014.7478798. ISBN 978-1-4673-8883-2. {{cite journal}}: Check date values in: |date= (help)

[1] Tankard, Colin (2011-08). "Advanced Persistent threats and how to monitor and deter them". Network Security. 2011 (8): 16–19. doi:10.1016/s1353-4858(11)70086-1. ISSN 1353-4858. {{cite journal}}: Check date values in: |date= (help)

[:0-2] "What Is an Advanced Persistent Threat (APT)?". www.kaspersky.com. 2021-06-11. Retrieved 2021-06-28.

[3] Durham, David (2014-08). "Mitigating exploits, rootkits and advanced persistent threats". 2014 IEEE Hot Chips 26 Symposium (HCS). IEEE. doi:10.1109/hotchips.2014.7478798. ISBN 978-1-4673-8883-2. {{cite journal}}: Check date values in: |date= (help)

[1]

[2]

[3]

Article Draft

Lead

Article body

References[2]

References^[2]