An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization. APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry. ‘Advanced’ means it gets through your existing defenses. ‘Persistent’ means it succeeds in hiding from your existing level of detection. ‘Threat’ means it causes you harm.” Because APTs operate covertly and are difficult to detect, months can pass with no visible compromises to the organization quietly under attack. Moreover, single instances may be detected while multiple others inside the same organization go unnoticed. Comparable to combating a life-threatening disease, early detection is vital. So to defeat the APT, all you need is a strategy. No single tool can help you defeat APT.

1. APT(ADVANCED PERSISTENT
THREATS) & STRATEGIES TO COUNTER
APT
Avkash Kathiriya
Information Security Researcher

2. AGENDA
• What is APT?
• History of APT’s
• Attack Threat types
• Cyber Kill Chain
• Strategy to counter APT
2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 2

3. WHAT IS APT?
• Advanced
– Combination of attack methods and tools
• Persistent
– Continuous monitoring and interaction
– “Low-and-slow” approach
• Threat
– Attacker is skilled, motivated, organized and
well funded
2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 3
APT is a term coined by the U.S. Air Force in 2006

4. 2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 4
HISTORY OF APT’S

5. HISTORY OF APT
2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 5

6. RECENT PAST OF APT
2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 6
http://www.theverge.com/2014/11/30/7309375/dvd-rips-of-fury-annie-mr-turner-and-
still-alice-hit-the-web
http://www.cnet.com/au/news/how-target-detected-hack-but-failed-to-act-bloomberg/
http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target

7. ATTACK THREAT TYPES
 Nuisance –
o Attacks are opportunistic
 Organization is targeted because it is vulnerable
 Insider –
o Trusted insider steals data
 Difficult to prevent but detection and attribution is possible
 Hacktivists –
o Motivated by a cause
 Determined but not always sophisticated
 Financial & Intellectual Property (IP) –
o More sophisticated attacks
 Typically target information for financial or competitive gain
 State-sponsored –
o Persistent and Targeted
 Attacks continue until targeted data is obtained
2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 7
Nuisance Insider Hacktivists
Financial &
Intellectual
Property
(IP)
State-
sponsored

8. CYBER KILL CHAIN
2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 8

9. 2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 9

10. 2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 10
APT IN ACTION

11. 2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 11
STRATEGIES TO COUNTER APT
No Single Protection technology is a silver bullet
Since there exist no silver bullet to defeat APT, all
you need is a strategy to defeat the APT

12. 2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 12
IT’S ALL ABOUT HUNTING THE “UNKNOWN”

13. GARTNER FIVE STYLES OF ADVANCED
THREAT DEFENSE
2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 13

14. SANDBOXING
2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 14
SANDBOX is a security mechanism for separating
running programs

15. 2/28/2016APT & STRATEGIES TO COUNTER APT BY AVKASH K 15