ADVANCED PERSISTENT THREATS (APTS)

Malicious Cyber Technology Review of Advanced Persistent Threats (APTs)
The evolvement of security threats in the world has increased the aggressiveness, success, diversity, and advancement of advanced persistent threats (APTs). However, irrespective of the evolvement in security technologies, security breaches continue to increase. Vukalović and Delija (2015) define APT as a multi-phase form of attack targeting the computer networks of a company. The attackers gain entry to the network through a ‘long game’ strategy, avoid detections and collects a large volume of protected data from the system. One of the challenges faced by APT is that it is naturally complex and varied with an origin from zero-day malware or phishing campaigns.
The intended use of APT according to Tankard (2011) is the collection of sensitive data over a while to maximize the criminal dues. After attaining the entry, hackers use APT to gain communication with the main servers where they attain accessibility to malicious passwords. Advancement in APTs includes the ability to bypass signature-based detection systems. Such systems include the use of spam filters and anti-virus software which are not successful in APT. Von Ogden (2016) explains that the characteristic of APT to employ zero-day exploits including malware never applied before may filter mind vulnerabilities.
The increasing use of APTs has led to the introduction of global policies to counter the issue. Von Ogden (2016) explains that although it is challenging to detect APT, their use is identifiable through the following symptoms: several backdoor Trojans, odd user activities, unusual data files, variation in database operations. Bann, Singh, and Samsudin (2015) explain that the Mandatory Access Control (MAC) strategy is the major employed policy to counter APT in Bring Your Device (BYOD) by the majority of organizations in the global environment. Another policy relates to the protection of data integrity through Clark Wilson’s security policy.

References
Bann, L., Singh, M., & Samsudin, A. (2015). Trusted Security Policies for Tackling Advanced Persistent Threat via Spear Phishing in BYOD Environment. Procedia Computer Science, 72, 129-136. doi: 10.1016/j.procs.2015.12.113
Tankard, C. (2011). Advanced persistent threats and how to monitor and deter them. Network security, 2011(8), 16-19.
von Ogden, J. (2016). 14 Telltale Characteristics of an Advanced Persistent Threat. CIMCOR. Retrieved from https://www.cimcor.com/blog/14-telltale-characteristics-of-an-advanced-persistent-threat
Vukalović, J., & Delija, D. (2015, May). Advanced persistent threats-detection and defense. In 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO) (pp. 1324-1330). IEEE.