Advanced Persistent Threat (APT)

An Advanced Persistent Threat (APT) is an attack in which the attackers, often state or state-sponsored, bring significant resources and expertise to bear against an organisation.

If an individual or organisation is attacked with state or state-sponsored resources, intent, determination, pressure and persistence, the attack is frequently referred to as an Advanced Persistent Threat (APT).

APT attackers will literally spend days, and for some hardened defence companies even months, getting at a target organisation, both directly and through associated organisations, such as its supply chain, and through people. They will:

  • research all of these stakeholders in great detail and use what they learn to get to the organisation over time.
  • steal enormous amounts of information over a long period of time, from:
    • the organisation,
    • its supply chain,
    • its employees.

The goal may be to coerce the company or agency into an unfair deal, or to kill off the target organisation or sector slowly by making it uncompetitive. At the same time, the attacker organisation may make significant economic gain through the information it gathers and disseminates to companies of relevance in its own country.

The first evidence of the attack may be in lost contracts (lost revenue), loss of negotiating power, and cheaper copies of products appearing in the market and in the returns department (increased costs). This evidence may take a long time to appear, and by then it may already be too late.

More recently, there is good cause to fear that attackers may destroy organisations or sectors quickly by stealing and then wiping data and destroying machines.

If your organisation is a victim of APT, the government may contact you. If it does not, it is important for you to contact the government as and when you uncover the attack.

If the attack is caught early enough, good forensic information may be found to pursue the attackers and to adapt your business model now that you know who the attacker is and what they have stolen; in any case, the threat may be stopped before it brings your organisation down. Security professionals may even be able to turn the attackers’ energies against themselves.

If the government contacts you about a breach:

  • Engage.
    • Have a mechanism for the government to get in touch with you, such as a notifications link on your website in case of a product or media security concern.
  • Verify the person or people contacting you are genuine.
    • Engage with the contact to establish how to verify they are who they say they are.
  • Don’t record any details in your email.
    • In the case of APT, the attackers have access to your email and will be looking for it. You don’t want them to know you’re onto them.

What to expect:

Bear in mind your government would not be contacting you if you didn’t have a very large problem. That said, your organisation won’t be their only issue at hand, and you are likely part of an aggregate of cases. You will ultimately need to engage firms to help you once you understand the nature of your problem. However, what your government contact will give you is extremely important contextual detail. This is your first shot across the bows.
