APT (Advanced Persistent Threat)

An Advanced Persistent Threat (or APT) refers to an ongoing pattern of cyber-attacks, or sometimes a well-identified group of cyber-attackers, often state-sponsored, who regularly attack the same target over time.

The sectors particularly targeted by this type of attack are national defence, industry and finance, where information is of the highest value (intellectual property, military plans and other government and corporate data). Organised crime groups can also use APT threats to obtain information that they can use to commit criminal acts for financial gain.

Most APTs seek to gain persistent access to the target network, rather than entering and exiting as quickly as possible. Given the effort and resources required to carry out APT attacks, hackers choose high-value targets, such as nation states and large corporations, with the ultimate goal of stealing information over a long period of time.

An APT is a method of attack that businesses around the world should be on the lookout for. However, this does not mean that SMEs are immune to this type of attack. Increasingly, hackers launching APTs are using small businesses that are part of their ultimate target’s supply chain to gain access to large organisations. They use these companies, whose defences are generally less effective, as a stepping stone.

Most of these attacks are carried out in several phases: gaining access to the network, gaining a foothold and extending access, then doing everything possible to remain as discreet as possible until the objective of the attack has been achieved.

While APT attacks are difficult to detect, data theft is never completely invisible. However, data exfiltration may be the only evidence that a network has been attacked.