advanced persistent threat (hacker) (APT)
Advanced persistent threats (APTs) are persistent threats to a network. They allow unauthorized individuals to gain access to the network and its data. APT attacks are used for espionage; they aim at stealing data rather than damaging the network or the system. Such attacks are most often directed at organizations with highly sensitive information, such as security-related institutions, manufacturers of technological products, and companies in the financial industry.
In an APT, the attacker tries to penetrate the system as quickly as possible without being detected by intrusion detection systems (IDS). The attacker then stays in the system as long as possible. To avoid detection, attackers often need to rewrite their code and rework their evasion techniques.
APT attackers use social engineering and often work with spear phishing to build trust and retrieve personal information. Once the APT attacker has system access, the attacker establishes backdoors. In the next step, the attacker collects credentials, that is, identification documents and access authorizations, especially those of administrative staff. Through the backdoors, the APT attacker can install malware.
APT attacks are relatively sophisticated and can be detected by anomalies in outbound data. Such attacks can be detected by breach detection systems (BDS) and prevented by deception technologies.
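
The outbound-data anomaly check mentioned above, as an added example that is not part of the original entry: it builds a per-host baseline of daily outbound volume and flags days far above that baseline using a median/MAD score. The flow records, host names, threshold and minimum history length are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000
# Constructed sample: outbound MB per day for two hypothetical workstations.
BASE = {
    "ws-014": [210, 190, 205, 198, 220, 185, 202, 5200],
    "ws-022": [90, 110, 95, 105, 100, 98, 102, 104],
}
# Two flow records per host per day: (day, host, bytes sent to external hosts).
FLOWS = [(day, host, mb * MB // 2)
         for host, series in BASE.items()
         for day, mb in enumerate(series, 1)
         for _ in range(2)]

def daily_outbound(flows):
    """Aggregate flow records into total outbound bytes per host per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, nbytes in flows:
        totals[host][day] += nbytes
    return totals

def robust_score(value, history):
    """Distance of value from the historical median, in MAD-based units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 * MAD approximates a standard deviation; the floor of 5% of the
    # median keeps a very flat baseline from producing huge scores.
    scale = max(1.4826 * mad, 0.05 * med, 1.0)
    return (value - med) / scale

def find_anomalies(flows, threshold=6.0, min_history=5):
    """Return (host, day, bytes, score) for days far above the host's baseline."""
    alerts = []
    for host, per_day in daily_outbound(flows).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # not enough baseline yet
            score = robust_score(per_day[day], history)
            if score >= threshold:
                alerts.append((host, day, per_day[day], round(score, 1)))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(FLOWS):
        print(alert)
```

Using the median rather than the mean keeps one large transfer from inflating the baseline that later days are compared against.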