Traditionally, the attackers came from the Internet. They usually used some standard or generic malware, hacking technique or ddos tool, attacked critical infrastructure and tested what they could get their hands on. With that scenario, protecting the infrastructure was usually sufficient. With APT, this scenario has changed. Attackers are looking for specific data or infrastructure to target and they are very persistent in getting there. They are still using some kind of malware or exploit to get there, but they are usually very advanced, zero day versions, and often employ multiple exploits at once. And the number of possible entry points has increased greatly – there are still servers to be attacked, but also desktop PCs, mobile devices such as laptops and mobile phones (often vulnerable and with closed systems, e.g. iPhone) and entry points such as social networks, which are all connected in some way these days. And the attack might not come from the Internet alone anymore – malware inserted through USB sticks is an emerging threat.