APT Tests

Advanced Persistent Threats (APTs) are a category of cybercrime directed at business and political targets. To be successful, APTs need a high degree of concealment over a prolonged period of operation. The aim of the attack is not immediate financial gain, and compromised systems continue offering service even after key systems have been breached and the initial objectives are accomplished.

APTs can compromise the systems of organizations that have effective defense strategies through a wide range of vectors:

  • Internet-based malware viruses
  • Physical malware viruses
  • External Exploitation

From an external perspective, well-funded APT groups do not necessarily compromise perimeter security controls.

Internet-Based Malware Viruses

  • Drive-by Downloads
  • E-mail Attachments
  • File Sharing
  • Pirated Software
  • Spear Phishing
  • DNS and Routing Mods

Physical Malware Viruses

  • Infected USB Memory Sticks
  • Infected CDs and DVDs
  • Infected Memory Cards
  • Infected Devices
  • Backdoor IT Equipment

External Exploitation

  • Professional Hacking
  • Mass Vulnerability Exploits
  • Co-location Host Exploitation
  • Cloud Provider Penetration
  • Bogus Wi-Fi Penetration

One of the fundamental requirements of APTs is to remain hidden for as long as possible. Criminals using APT technologies prefer “low and slow” attacks in order to obtain data or systems they have targeted.