Acronyms: APT
See:
· Threat
The widely accepted definition of an advanced persistent threat is that it is a targeted cyberespionage or cybersabotage attack carried out under the sponsorship or direction of a country, for reasons that go beyond the purely financial/criminal or political protest. Not all attacks of this type are highly advanced and sophisticated, just as not every complex and well-structured targeted attack is an advanced persistent threat. The adversary's motivation, rather than the level of sophistication or the impact, is the main differentiator between an APT attack and one carried out by cybercriminals or hacktivists.
McAfee. Threat Predictions for 2011.
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors (NIST SP800-61)
Scope Note: The APT:
1. pursues its objectives repeatedly over an extended period of time
2. adapts to defenders' efforts to resist it
3. is determined to maintain the level of interaction needed to execute its objectives
ISACA, Cybersecurity Glossary, 2014
The Advanced Persistent Threat (APT) refers to a class of cyber threat designed to infiltrate a network, remain persistent through evasion and propagation techniques. APTs are typically used to establish and maintain an external command and control channel through which the attacker can continuously exfiltrate data. [knapp:2014]
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization. APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry.
In a simple attack, the intruder tries to get in and out as quickly as possible in order to avoid detection by the network's intrusion detection system (IDS). In an APT attack, however, the goal is not to get in and out but to achieve ongoing access. To maintain access without discovery, the intruder must continuously rewrite code and employ sophisticated evasion techniques. Some APTs are so complex that they require a full-time administrator.
http://searchsecurity.techtarget.com/
Advanced Persistent Threats (APT) are computer attacks usually driven by government agencies or terrorist organizations conducting espionage or trying to take valuable data for non-financial purposes. Rarely are APTs led by political or commercial organizations. However, in some cases, marginal threats do arise from obsessed individuals and legitimate commercial organizations since the value of data goes well beyond just the financial value. Incidents like Project Aurora and Wikileaks highlight that data also has both political and military value.
http://www.imperva.com/resources/glossary/glossary.html
usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage, but applies equally to other threats such as that of traditional espionage or attack. Other recognised attack vectors include infected media, supply chain compromise, and social engineering. Individuals, such as an individual hacker, are not usually referred to as an APT as they rarely have the resources to be both advanced and persistent even if they are intent on gaining access to, or attacking, a specific target.
http://en.wikipedia.org/wiki/Advanced_persistent_threat
An Internet-borne attack usually perpetrated by a group of individuals with significant resources, such as organized crime or a rogue nation-state.
Cybersecurity for Dummies, Palo Alto Networks Edition, 2014
Related topics