Week 8 - Advanced Persistent Threats Flashcards

1
Q

What is APT?

A
  • Advanced Persistent Threat.
  • Well-funded, long-term cyber attacks against specific organizations.
  • Often involves state-sponsored actors.
2
Q

What makes an APT concerning?

A
  • It is stealthy, long-term, and often difficult to detect.
  • The attack covers its tracks and blends in with legitimate traffic.
3
Q

What are the key stages of an APT attack?

A
  • Reconnaissance – Gathering information about the system and targets.
  • Initial Compromise – Gaining access through methods like phishing or malware.
  • Lateral Movement – Expanding access within the system.
  • Data Exfiltration – Extracting sensitive data.
  • Maintenance and Concealment – Maintaining access to systems and concealing any evidence of compromise.
4
Q

How do attackers gain initial access in an APT?

A
  • Social engineering techniques, such as phishing emails.
  • Exploiting vulnerabilities in software.
  • Taking advantage of weak password management.
5
Q

How to mitigate APTs?

A
  • Implementing the principle of least privilege for access control.
  • Regular patch management to address vulnerabilities.
  • Monitoring for abnormal behavior within the network.
  • Providing security awareness training to end users to prevent social engineering attacks.
  • Expanding traditional perimeter security to consider outbound traffic and internal network activity.