New Cyber Policies For Combating the Advanced Persistent Threats

When we stand back and look at the various cyber threats currently being employed in the world and attempt to prioritize them, we quickly see that the most serious threat seems to emanate from a family of viruses called the Advanced Persistent Threat; it is this virus type which seems to pose the greatest risk to the United States. This is the type of threat that is currently being used against the United States by hostile governments around the world. However, this is also the class of virus that is being used by the United States to conduct cyber operations against nations that pose a threat to the United States or its allies.

You may ask yourself, what is the Advanced Persistent Threat (APT)? According to the website Damballa, the APT is defined as “a cybercrime category of malware that is directed at business and political targets. APTs require a high degree of stealthiness over a prolonged duration of operation in order to be successful. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached.”

Advanced – what does the term advanced mean? The Merriam-Webster dictionary defines advanced as “greatly developed beyond an initial stage”. In the world of cybercrime and cyber warfare this can only mean that those who initiate attacks do so using methodologies and techniques that span the entire range of intrusion tools. Often the Advanced portion of the APT finds the attackers using multiple simple exploits simultaneously in a tiered attack. This allows for a multi-layered attack using multiple threat vectors against a single target, while using different technologies to achieve a common goal.

Persistent - Looking at the Merriam-Webster dictionary, we can see that the word persistent is defined as “existing for a long or longer than usual time or continuously”. Again, in the world of cyber warfare this can mean that cyber warriors have been given authority for a specific task or job. Instead of choosing targets of opportunity, they have chosen specific targets for some personal reason. Thus this is effectively a spear phishing weapon that targets key individuals instead of groups of machines. Typically this means that the attackers are not guided by financial greed but rather by some sort of political motive. It also means that the attack is conducted through an effort that is continuously monitored in order to achieve the desired objective. Finally, this persistence makes the process move extremely slowly, and thus makes it more difficult to detect.

Threat – again looking at the definition of the term threat, we see that Merriam-Webster has defined it to mean “an expression of intention to inflict evil, injury, or damage”. Looking at how this terminology is applied in the APT methodology in the context of cyber warfare, we see that it means that humans are actively involved in the attack. This makes the threat much more severe: the ability to think and to adapt is always more threatening than an attack conducted by a mindless bot. In the APT attack this has also come to mean that the attackers are extremely organized, that they have a specific objective in mind, and that they are extremely skilled. Given these criteria, the Threat portion of the APT attack can be thought to mean an organized entity such as a terrorist organization, a crime family, or even a nation state.

One of the more unique aspects of the Advanced Persistent Threat is that its definition seems to be subjective and depends on the perspective of whoever is conducting the analysis. Inside the United States the term APT was adopted by the United States Air Force (USAF) in 2006. The term was used to generalize threats so that the...
