Advanced Persistent Threat (APT)

An Advanced Persistent Threat, or APT, is a stealthy, network-based threat or attack against which conventional forms of cyber-defense are extremely difficult.

In most cases, both the stealthy and persistent natures of APTs result from the distributed, low-level, but ongoing natures of the attack. In many cases, APTs are botnets or state actors, who have distributed computing resources available to them, the patience to conduct low-level attacks over long periods of time, and targets that justify this patience.

Detecing APTs is difficult because rather than a single, obvious instance of illicit behavior, APTs engage in activity in very small steps, from a variety of computer systems and network locations over time. For example, a distributed brute force or dictionary attack may try only a few combinations per day, each one from a different computer around the world, a level and kind of activity that is not likely to surface using typical forms of status monitoring.

APTs are difficult to defend against for the same reasons—the illicit activity itself may be difficult to analyze or study even once suspected, and when it does occur tends to originate from a new location in each instance, making many forms of blocking or filtering impractical or ineffective.