Exploring Advanced Persistent Threats and Advanced Evasion Techniques
Contributed by Sameer Thadani.
We live in a world with a new arena for committing crimes: the cyber arena. The Internet, a collection of many interconnected computer networks, has become the battleground. As corporations and government agencies concentrate on building strong defences, adversaries concentrate on becoming quieter and more patient. This shift in attacker mindset allows them to carry out large, highly disruptive attacks on key information systems around the globe. With the new mindset came new techniques for infiltrating computer systems without authorization. Understanding these highly sophisticated attacks, known as Advanced Persistent Threats (APT), and the infiltration techniques known as Advanced Evasion Techniques (AET), is the basis of this paper.
The National Institute of Standards and Technology (NIST) defines Advanced Persistent Threats as: “An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organisations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, programme, or organisation; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders' efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.” (Brewer, 2014, p. 5) Throughout this paper we discuss what makes up an APT, the attack flow of an APT, the various stages of an APT, how Advanced Evasion Techniques (AET) are used, and the anatomy of APT malware.