The processes and tools behind a true APT campaign: Overview

CSO Online examines each step of an APT campaign in this multi-part series

APTs are both nightmares and the stuff of legend for business leaders and security managers across the globe. In this series, CSO will examine the processes and tools used by attackers during these types of campaigns, and various mitigating factors.

Advanced Persistent Threat, or APT, is one part marketing and one part generic description. APT-based incidents are hard, if not outright impossible, to prevent, making them the type of incident that often requires well-defined response and recovery plans, with the objective being harm reduction and loss mitigation. This is because it's an unfortunate reality that once an APT-based incident has been discovered, it's often too late to do anything else.

In an interview with CSO for this series, Rik Ferguson, the VP Security Research at Trend Micro, added that this unfortunate reality certainly holds true when targeted attack campaigns are countered (or when countering them is attempted) by traditional security architecture and management.

However, for security professionals who understand that changes in their basic assumptions, as well as changes to their choices and deployments in technology, are required when it comes to dealing with targeted attack campaigns, there's still a fighting chance.

"It's not that there's no hope," Ferguson said. "It's that there's no hope for those that will not change."
