Advanced Persistent Threat Assessment
Generally, an Advanced Persistent Threat (APT) is performed by organized crime or hacktivist networks. The attack is designed for long-term operations to effectively and continuously collect information while operating under the radar. APTs bypass conventional IT security strategies. curesec GmbH delivers services in APT assessment to prevent and minimize the risks of espionage and cyber crime.
An APT attack is targeted at business and political entities to gain high-grade sensitive information such as intellectual property or classified information. The term "Advanced Persistent Threat" is commonly used to refer to cyber threats that involve traditional espionage techniques as well as extensive computer intrusion technologies, in combination with the coordinated actions of a varying number of attackers. APTs are supposed to operate under the radar and to remain invisible for as long as possible. Disclosed attacks may have been performed for years, harvesting information and accessing critical system components.
Furthermore, the attack targets a specific goal and can even use specifically designed malware, hijacking and hacking tools. The wide variety of attack vectors, from infected software and systems to the abuse of social engineering, constitutes an enormous threat to companies and governments. Even after accomplishing the goal, the software still remains in the system.
APT Assessment services
The threat of organized cyber crime posed by APTs calls for a multi-layered approach to advanced IT security. curesec GmbH delivers several methods and services to ensure a secure IT infrastructure and to prevent advanced persistent threats. We deliver:
- Zero Packet Reconnaissance
- Social Engineering Assessment
- External Network Security Assessment
- Internal Penetration Test
- Internal Vulnerability Assessment
- Reports & Recommendations
Our services include comprehensive consulting regarding your social and IT infrastructure. We expose potential weak spots and help you understand possible security flaws. Through APT assessment we offer concepts and defense-in-depth strategies going beyond automated scanning and security tools.
How Advanced Persistent Threats work
As introduced above, APTs are designed to operate in secret, leaving few, if any, visible traces. There are several methods to achieve the high-level stealth behavior of an APT attack. These include Internet malware infections such as drive-by downloads, email attachments, file sharing, manipulated or pirated software, spear phishing, or DNS and routing modifications, as well as physical infections such as infected devices and digital media (e.g. USB stick, CD, hard drive), infected appliances or backdoored IT equipment.
External exploitation includes professional hacking, mass vulnerability exploits, co-location host exploitation, cloud provider penetration, rogue WiFi penetration and smartphone bridging.
Besides the outlined intrusion vectors, insider threats and trusted connections play a huge role in channeling APT attacks. Social engineering in combination with goal-oriented hijacking and manipulation of devices is used to establish access to sensitive information. Hijacked smartphones of employees or business partners are often used as soft entries to entire systems.
Essentially, APTs try to stay invisible for as long as possible and avoid any detection by following the rule of “low and slow”. Therefore modern commercial and “off-the-shelf” malware is used by the APT operators. The progressive nature of Advanced Persistent Threat attacks includes undetected network navigation while gaining remote control of the system entities via secure channels. Often the APT operators navigate to or between specific hosts within the organization to ensure ongoing access.