Do standard security solutions work against advanced persistent threats (APTs)? Are APTs crafted to extract specific files from an organization? Are data breaches caused by APTs? IT groups today face the challenge of protecting their networks against APTs, computer intrusions by threat actors that aggressively pursue and compromise targets. To help organizations formulate strategies against APTs, TrendLabs prepared an infographic that illustrates the different stages of intrusion.
By analyzing each stage of an attack, IT groups can gain insight into the tactics and operations of an active attack against their networks. This analysis helps build local threat intelligence, that is, internal threat profiles developed through intimate knowledge and observation of attacks against a specific network. This intelligence is key to mitigating future attacks by the same threat actors. The stages our researchers have identified are intelligence gathering, point of entry, command-and-control (C&C) communication, lateral movement, asset/data discovery, and data exfiltration.
Certain realities make dealing with each stage of an APT attack more difficult than dealing with ordinary cybercrime. For instance, in the asset discovery stage, where the attacker is already inside the network and enumerating which assets are valuable enough to extract, a data loss prevention (DLP) strategy can prevent access to confidential information. However, according to a survey, while company secrets comprise two-thirds of a company’s information portfolio, only half of security budgets are allocated to protecting them.
More of these realities are highlighted in the infographic, “Connecting the APT Dots.”