Advanced Persistent Threats

An Advanced Persistent Threat (APT) is a long-term attack carried out over the internet that persistently targets the same victim. APTs are usually covert and require a high level of funding and resources, a characteristic consistent with a nation-state or state-sponsored group. The attacks are typically complex and detailed and are aimed at specific systems or information. The attack vector may combine previously identified vulnerabilities with new zero-day exploits and may be delivered over many types of medium.

The victims of recent APTs include the U.S. Departments of Defense and Energy, RSA Corp., Google, the Iranian Government, and Lockheed Martin. These attacks successfully compromised systems and information and went undiscovered or unhindered for some time. While there are a handful of actors, China has been responsible, directly or indirectly, for a large number of attacks that have sought data across a wide spectrum, including Google source code and user data; military and defense plans and designs; intelligence data; and economic and financial information. The issue is a sensitive one: although a significant amount of industrial and military data is being compromised, the United States can do little diplomatically with China, as it lacks comprehensive proof and a means to force China to halt the attacks. Furthermore, China contends that it is also a victim and that any attacks originating from the country are the work of criminals. The U.S. Government, in cooperation with industry, has investigated and tracked the attacks and has found traces and footprints that consistently tie them to China.

The United States and its allies are not just victims of APTs, however. While they do not share China's motives and targets, Western powers have created and executed attacks such as Stuxnet, the intricate computer worm that destroyed centrifuges in Iranian nuclear enrichment facilities. It was for this type of operation that the U.S. Government established Cyber Command to conduct the offensive and defensive functions of the nation's cyberspace. The threat landscape has changed so drastically that cyberspace is now classified as a battlefield, and as such we must be prepared to fight in it.

Advanced Persistent Threats will continue to be an issue in the cyber domain. Due to their nature they are hard to defend against completely, and new vulnerabilities and techniques will allow for more attacks. Preventing these types of attacks requires a system of passive and active defenses that is constantly updated and reviewed for flaws and errors.

Source: http://www.washingtontimes.com/news/2011/dec/14/cyberthefts-of-vital-data-by-china-based-teams-ris/