It’s taken me a few years, but I’ve come around to this buzzword. It highlights an important characteristic of a particular sort of Internet attacker.

A conventional hacker or criminal isn’t interested in any particular target. He wants a thousand credit card numbers for fraud, or to break into an account and turn it into a zombie, or whatever. Security against this sort of attacker is relative; as long as you’re more secure than almost everyone else, the attackers will go after other people, not you.

An APT is different; it’s an attacker who—for whatever reason—wants to attack you. Against this sort of attacker, the absolute level of your security is what’s important. It doesn’t matter how secure you are compared to your peers; all that matters is whether you’re secure enough to keep him out.

APT attackers are more highly motivated. They’re likely to be better skilled, better funded, and more patient. They’re likely to try several different avenues of attack. And they’re much more likely to succeed.

This is why APT is a useful buzzword.

Tags: advanced persistent threats, hacking
Posted on November 9, 2011 at 1:51 PM
A response to risk that acknowledges the risk but takes no steps to address it
Security controls for developing and ensuring that policies and procedures are carried out; regulating the human factors of security
Advanced Persistent Threat (APT): A new class of attacks that uses innovative attack tools to infect a system and then silently extracts data over an extended period
Architecture/design weaknesses: Deficiencies in software due to poor design
Characteristic features of different groups of threat actors
Security actions that ensure that data is accessible to authorized users
A response to risk that identifies the risk, after which a decision is made not to engage in the risk-provoking activity
Threat actors that launch attacks against an opponent's system to steal classified information
Security actions that ensure that only authorized parties can view the information
Having different groups responsible for regulating access to a system
The out-of-the-box security configuration settings
Creating multiple layers of security defenses through which an attacker must penetrate; also called layered security
A system for which vendors have dropped all support for security updates due to the system's age
The location outside an enterprise in which some threat actors perform
An attribute of threat actors that can vary widely
A group of threat actors that is motivated by ideology
Software that does not properly trap an error condition and provides an attacker with underlying access to the system
Software that allows the user to enter data but does not validate or filter user input to prevent a malicious action
Improperly configured accounts: An account set up for a user that might provide more access than is necessary
Industry-specific frameworks: Frameworks/architectures that are specific to a particular industry or market sector
Industry-standard frameworks: "Supporting structures" for implementing security; also called reference architectures
Employees, contractors, and business partners who can be responsible for an attack
Security actions that ensure that the information is correct and that no unauthorized person or malicious software has altered the data
The reasoning behind attacks made by threat actors
The location within an enterprise in which some threat actors perform
Information security frameworks/architectures that are worldwide
When the company that made a device provides no support for the device
Creating multiple layers of security defenses through which an attacker must penetrate; also called defense-in-depth
An incorrectly configured device
Addressing risk by making the risk less serious
State-sponsored attackers employed by a government for launching computer attacks against foes
Information security frameworks/architectures that are domestic
A threat that has not been previously identified
Information security frameworks/architectures that are not required
Freely available automated attack software
Threat actors that are moving from traditional organized criminal activities to more rewarding and less risky online attacks
A software occurrence when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences
"Supporting structures" for implementing security; also called industry-standard frameworks
Information security frameworks/architectures that are required by agencies that regulate the industry
A situation in which a hardware device with limited resources is exploited by an attacker who intentionally tries to consume more resources than intended
A situation that involves exposure to danger
Different options available when dealing with risks
An individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems
Threat actors that have developed a high degree of complexity
The widespread proliferation of devices across an enterprise
Using technology that is carried out or managed by devices as a basis for controlling the access to and usage of sensitive data
A type of action that has the potential to cause harm
A person or element that has the power to carry out a threat
A response to risk that allows a third party to assume the responsibility for the risk
Devices that are not formally identified or documented in an enterprise
Users with little or no instruction in making security decisions
Using security products provided by different manufacturers
A flaw or weakness that allows a threat agent to bypass security
Vulnerable business process: A situation in which an attacker manipulates commonplace actions that are routinely performed; also called business process compromise
Configuration options that provide limited security choices
An attack in which there are no days of warning