
APT attack

2022-06-23 22:11:00 Evan Technology

An APT (Advanced Persistent Threat) is, in essence, a targeted attack: advanced attack techniques are used to carry out a long-term, sustained network attack on a specific target. APT attacks work in a more sophisticated way than other forms of attack. This is mainly reflected in the fact that, before launching an attack, the attacker must accurately collect information about the target's business processes and systems. During this collection phase, the attacker actively exploits vulnerabilities in the systems and applications that the target trusts, uses them to build the network the attacker needs, and makes use of 0day vulnerabilities to attack.

An APT has many ways of intruding on a customer's environment. They mainly include the following.

Smartphones, tablets, USB devices and other mobile devices are taken as the target and object of attack, and from there the attacker intrudes into the enterprise information system.

Malicious social engineering email is one of the key factors in the success of many APT attacks. As social engineering attacks become more sophisticated, it is almost impossible to tell genuine messages from fake ones. Looking at some of the large enterprises that have been hit by APT attacks, the key factor in their compromise was that ordinary employees received malicious social engineering email. At the very start, the hackers send phishing emails to specific employees, and this becomes the origin of the APT attack.

Exploiting vulnerabilities in firewalls, servers and other systems, and then obtaining valid credentials for access to the enterprise network, is another important means of APT attack.

All in all, an advanced persistent threat (APT) uses every means available to bypass traditional code-based security solutions (such as antivirus software, firewalls and IPS) and lurks in the system for longer, which makes it hard for traditional defense systems to detect.

"Latent and persistent" is the biggest threat posed by APT attacks. Its main features include the following.

Latency: These new attacks and threats may exist in the user environment for a year or more, gathering all kinds of information until important information has been collected. The purpose of the hackers who launch an APT is not to gain profits in a short time. Instead, they use the "controlled host" as a springboard and keep searching until they have a complete grasp of the targeted people, things and matters. This kind of APT attack is therefore, in essence, a "malicious commercial espionage threat".

Continuity: APT attacks are persistent, lasting even as long as several years, which leaves the managers of the enterprise unable to perceive them. During this time, the "continuity" is reflected in the various attack methods that the attacker keeps trying, and in long-term dormancy after penetrating the network.

Targeting specific targets: The attack is long-planned, organized intelligence theft aimed at a particular government or enterprise. Malicious social engineering emails are sent to the selected targets, such as a letter pretending to come from a customer, in order to get the first chance to plant malware on the target's computer.

Install remote control tools: The attacker sets up a botnet-style remote control architecture and regularly sends copies of potentially valuable files to the command and control server (C&C server) for review. The sensitive, confidential data that has been filtered out is transmitted in encrypted form.
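A defender's view of the regular transfers to a C&C server described above, as an added example that is not part of the original article: it groups outbound flow records by host pair and flags pairs whose connections recur at near-constant intervals. The record layout, function name, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch seconds, internal host, external
# destination, bytes sent out). Addresses are RFC 5737 documentation ranges.
FLOWS = (
    # Hourly uploads with a few seconds of jitter (the pattern to catch).
    [(1000 + 3600 * i + j, "10.0.0.5", "203.0.113.10", 48_000 + 500 * i)
     for i, j in enumerate([0, 4, -3, 2, 5, -1, 3, 0])]
    # Irregular, user-driven traffic.
    + [(t, "10.0.0.7", "198.51.100.20", b) for t, b in
       [(1200, 900), (1290, 15_000), (5400, 300), (5460, 72_000),
        (19_000, 1_200), (26_500, 640)]]
    # Too few events to judge either way.
    + [(2000, "10.0.0.9", "192.0.2.30", 5_000),
       (9000, "10.0.0.9", "192.0.2.30", 5_000)]
)

def find_periodic_uploads(flows, min_events=6, max_cv=0.1, min_interval=60):
    """Return sorted (src, dst, mean interval in s, total bytes out) for host
    pairs whose outbound connections recur at near-constant intervals.

    Regularity is measured by the coefficient of variation (stddev / mean) of
    the gaps between connections. The thresholds are illustrative assumptions.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))

    findings = []
    for (src, dst), events in by_pair.items():
        if len(events) < min_events:
            continue  # not enough history to call it a schedule
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg < min_interval:
            continue  # a burst inside one session, not a recurring job
        if pstdev(gaps) / avg <= max_cv:
            findings.append((src, dst, round(avg), sum(n for _, n in events)))
    return sorted(findings)

if __name__ == "__main__":
    for src, dst, interval, total in find_periodic_uploads(FLOWS):
        print(f"{src} -> {dst}: every ~{interval}s, {total} bytes out")
```

Legitimate software such as update checks and backup agents is also periodic, so findings need to be compared against a baseline of known destinations before they are treated as suspicious.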


Copyright notice
This article was written by [Evan Technology]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2021/12/202112181145226745.html
