APT: an attack you can't ignore

An advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes which often targets a specific entity.

An APT usually targets organisations or nations for business or political motives.
There are several reasons why a particular organisation is attacked.

The attackers may be after its intellectual property; the organisation may possess technology or capabilities that the attacker wants to leverage for a further intrusion; or the attacker may simply want to use the organisation's network as a staging point from which to attack other companies.

APT actors are often characterised by the exploits they use, which are classified by how long a vulnerability has been known relative to when it is exploited. Zero-day exploits take advantage of vulnerabilities in software that nobody outside the attacker's circle knows about.

The "zero" refers to the number of days the vendor has had to prepare a fix: at the time of exploitation the vendor (and usually the public) is unaware of the flaw, so no patch exists. "Half-day" is an informal term for exploits against vulnerabilities that are already known to the vendor but have not yet been patched. A third class, often called n-day, targets flaws for which a patch exists but has not been applied by the victim.

These actors spend significant resources researching popular and company-specific software, as well as supply-chain components, looking for vulnerabilities that can be exploited in zero-day and half-day attacks. They then either use those vulnerabilities against a specific target or sell them on the black market to the highest bidder.
Such attacks succeed because signature-based security tools have nothing to match against for a vulnerability that is not yet known. Attacks using these techniques go undetected for months, giving attackers ample time to entrench their access in your network.
Take the Banking, Financial Services and Insurance (BFSI) sector as an example.
This sector tends to do vulnerability assessment and penetration testing (VAPT) for compliance rather than for real security.
Banks usually tell their VAPT vendors exactly which servers are to be tested, because those are the only servers the bank perceives as at risk. Instead, banks should let the consulting company draw up its own view of the attack surface and discuss that list with the bank before the VAPT begins.
Moreover, patching is seldom done. Companies leave production servers unpatched for years, citing the risk of disrupting live systems, even though servers should be patched at least every three months.

The remaining option is for a company to have independent penetration testing carried out on a regular basis.

Most APT attacks on banks are carried out with custom spyware delivered to end-user desktop machines. Bank branches and foreign-exchange desks that handle SWIFT and other transactions have staff with externally reachable email addresses, which makes those users a natural entry point.

A SWIFT code (also known as a BIC) is a unique identifier for a particular bank, used when transferring money between banks, particularly for international wire transfers.
When banks commission a vulnerability assessment, they should make sure these attack paths are in scope.
At times APT intrusions go undetected for months despite a SOC running a full set of tools.
Continually testing the security posture of the IT infrastructure is the basic way to keep an eye on this.

Security experts recommend defence in depth, which can help organisations protect themselves. Defence in depth covers aspects such as staff and contractor vetting, effective access management, defined compartmentalisation of key information assets, and monitoring controls. Security heads should involve other relevant functions across the organisation, such as physical security, HR, fraud, and operational response teams.
