What’s Worse: APTs or Spear Phishing?

In this article, we look at the advanced persistent threat (APT) and spear phishing: the role spear phishing plays in APT attacks, how difficult each is to carry out, and, last but not least, how the damage caused by an APT compares with the damage caused by spear phishing. Before that, a brief idea of what each term means.

What Is an Advanced Persistent Threat?

The name itself says most of it. "Advanced" means the attack uses sophisticated techniques to exploit vulnerabilities in the target's systems, and "persistent" means the attacker keeps monitoring the target, or extracting data from it, over a long period rather than hitting it once. An APT is therefore an advanced network attack in which an attacker gains access to the network and remains undetected for a long time.

What Is Spear Phishing?

Spear phishing is similar to ordinary phishing: the victim receives an email that appears to come from an individual or business the victim trusts. It is an email-spoofing fraud that tries to obtain unauthorized access to confidential data held by the target. Such attacks are not launched by random hackers or script kiddies; they are carried out by perpetrators seeking financial gain or confidential data. To raise the odds of success, the attacker usually gathers information about the target before sending anything.

How Is an Advanced Persistent Threat Attack Performed?

Abuse or compromise of trusted connections, together with malware, are the key ingredients of a successful APT attack. APTs create a growing or changing risk to the targeted organization's financial assets, intellectual property and reputation by following the cyclic chain outlined below:

1. Target a specific organization for a single objective: the initial compromise of the victim. This is done through social engineering and spear phishing over email, zero-day exploits, and similar means. Another popular infection method is planting malware on a website the victim's employees are likely to visit (a watering-hole attack).

2. Establish a foothold in the target environment. This phase involves planting remote administration software in the victim's network and creating backdoors and tunnels that give stealthy access to the target's infrastructure.

3. Use the compromised system as an entry point into the target network: use exploits and password cracking to gain administrator privileges on the victim's computer and, where possible, extend them to Windows domain administrator accounts; collect information on the surrounding infrastructure, trust relationships and Windows domain structure.

4. Deploy additional tools that help fulfil the objective of the attack, expand control to other workstations, servers and infrastructure elements, and harvest data from them.

5. Exfiltrate the data from the target computer or network and cover tracks, so as to maintain access for future operations and retain control over the access channels and credentials acquired in the previous steps.

From the method described above it is clear that spear phishing can play a very important role in initiating some APT attacks.

How Is Spear Phishing Done?

It is more or less the same as a common phishing attack, but spear phishing is aimed at a narrow set of people: usually employees of a company, members of an association, or visitors to a particular website. The attack needs some social engineering or information gathering about the target. It uses tactics such as victim segmentation, email personalization, sender impersonation, and other techniques to bypass email filters. The attack vector is mainly an email message that seems to come from a legitimate sender and asks the victim to take some action. Some such emails carry links to websites controlled by the attacker; others carry malicious attachments that infect the target system when opened.

Damage Caused by an Advanced Persistent Threat Attack

APT attacks are usually not aimed at a specific person; they target your company. An attack whose only intent is to steal money is generally not classed as an APT either. The main goal of an APT is to steal valuable intellectual property, such as confidential project data, contract information and patent information, from companies or government bodies, and the ultimate goals of APT groups are very ambitious. The common belief that APTs target only Western organizations is incorrect. Studies show that advanced persistent threat attacks render an organization's security controls ineffective and hurt company revenue.
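The sender-impersonation, link and attachment tricks described in the spear-phishing section above can be turned into a simple triage check. The following is an added example, not code from the original article: a Python scorer that reads a raw email and flags lookalike sender domains (homoglyphs such as "rn" for "m", or a trusted name embedded in a foreign domain), a Reply-To that differs from the From domain, failed SPF/DKIM/DMARC results, urgency wording, links whose visible text names a trusted domain but whose href points elsewhere, and attachments with risky extensions. The trusted-domain list, weights, keyword lists, homoglyph table and the two sample messages are assumptions constructed for illustration.

```python
"""Heuristic spear-phishing indicator scorer for raw RFC 5322 messages.
Added example for this article, not the author's code. Trusted domains, weights,
keyword lists, the homoglyph table and the two sample messages are assumed."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-corp.com"}  # assumed: the victim organisation's own domain
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm", ".iso", ".lnk")
URGENCY_WORDS = ("urgent", "immediately", "wire transfer", "account suspended", "verify your")
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}  # lookalike swaps
WEIGHTS = {"lookalike_sender": 3, "reply_to_mismatch": 2, "auth_fail": 2,
           "urgency": 1, "link_mismatch": 3, "risky_attachment": 3}
THRESHOLD = 5  # assumed cut-off; tune against your own mail flow


def normalise_domain(domain: str) -> str:
    """Fold common homoglyph substitutions so 'exarnple' compares equal to 'example'."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def is_trusted(domain: str) -> bool:
    """Exact match or a subdomain of a trusted domain."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def is_lookalike(domain: str) -> bool:
    """True when the sender domain imitates a trusted one, by homoglyphs ('exarnple') or by
    embedding the trusted name in a foreign domain ('example-corp.com.attacker.example')."""
    if not domain or is_trusted(domain):
        return False
    return any(normalise_domain(t) in normalise_domain(domain) for t in TRUSTED_DOMAINS)


def _domain(header_value) -> str:
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def score_message(raw: str) -> dict:
    """Score one raw message; returns its indicators, total score and verdict."""
    msg = message_from_string(raw, policy=policy.default)
    indicators = []
    from_domain, reply_domain = _domain(msg.get("From", "")), _domain(msg.get("Reply-To", ""))
    if is_lookalike(from_domain):
        indicators.append(("lookalike_sender", from_domain))
    if reply_domain and reply_domain != from_domain:
        indicators.append(("reply_to_mismatch", reply_domain))
    # Only trust this header when your own receiving MTA wrote it; senders can inject forged copies.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            indicators.append(("auth_fail", check))
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""
    hits = [w for w in URGENCY_WORDS if w in (str(msg.get("Subject", "")) + " " + body).lower()]
    if hits:
        indicators.append(("urgency", ", ".join(hits)))
    # Visible link text names a trusted domain while the href points somewhere else.
    for href, anchor in re.findall(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        if not is_trusted(host) and any(t in anchor.lower() for t in TRUSTED_DOMAINS):
            indicators.append(("link_mismatch", f"{anchor.strip()} -> {host}"))
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            indicators.append(("risky_attachment", name))
    score = sum(WEIGHTS[kind] for kind, _ in indicators)
    verdict = "likely spear phishing" if score >= THRESHOLD else "no strong indicators"
    return {"score": score, "verdict": verdict, "indicators": indicators}


# Constructed samples (not real mail): one lure impersonating the CFO, one routine notice.
PHISH_SAMPLE = """\
From: "Jane Doe CFO" <jane.doe@exarnple-corp.com>
Reply-To: jane.doe.cfo@mail-relay.example
To: bob@example-corp.com
Subject: URGENT: wire transfer before 5pm
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=exarnple-corp.com; dmarc=fail header.from=exarnple-corp.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Bob, approve this immediately:
<a href="http://203.0.113.10/login">https://example-corp.com/portal</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"

MZ...
--b1--
"""
BENIGN_SAMPLE = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
To: bob@example-corp.com
Subject: Monthly maintenance window
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dkim=pass; dmarc=pass header.from=example-corp.com
Content-Type: text/plain; charset="utf-8"

Hi Bob, the file server will be offline on Saturday from 02:00 to 04:00.
Details: https://example-corp.com/intranet/maintenance
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = score_message(sample)
        print(label, result["score"], result["verdict"], result["indicators"])
```

Run as a script to score the two constructed samples. In practice the trusted-domain list comes from your own mail domains, and the Authentication-Results header should only be believed when its leading authserv-id is your own receiving MTA, since an external sender can add a forged one; the weights are deliberately coarse, and the point of the scorer is to surface the combination of impersonation plus lure that a single filter rule would miss.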

