Abstract
A recent class of threats, known as Advanced Persistent Threats (APTs), has drawn increasing attention from researchers, primarily from the industrial security sector. APTs are cyber attacks executed by sophisticated and well-resourced adversaries targeting specific information in high-profile companies and governments, usually in a long-term campaign involving several distinct steps. To a significant extent, the academic community has neglected the specificity of these threats, and as such an objective approach to the APT issue is lacking. In this paper, we present the results of a comprehensive study on APTs, describing their distinguishing characteristics and attack model, and analyzing techniques commonly seen in APT attacks. We also enumerate some non-conventional countermeasures that can help to mitigate APTs, thereby highlighting directions for future research.
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Chen, P., Desmet, L., Huygens, C. (2014). A Study on Advanced Persistent Threats. In: De Decker, B., Zúquete, A. (eds) Communications and Multimedia Security. CMS 2014. Lecture Notes in Computer Science, vol 8735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44885-4_5
DOI: https://doi.org/10.1007/978-3-662-44885-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44884-7
Online ISBN: 978-3-662-44885-4
eBook Packages: Computer Science; Computer Science (R0)