Advanced Threats


Introduction

Advanced persistent threats (APTs) are attracting increasing attention from security bodies, since they target all kinds of organizations, from private and public sector companies to military and political institutions.


Characteristics

  • Targeted: attackers select targets based on political, commercial or security interests, and they have a clear picture of the result they want to achieve from their victims.
  • Persistent: if a target resists the attack, the attacker will not give up its mission. Instead, it will change its strategy and develop a new type of attack vector.
  • Control and focus: APTs seek to control the essential elements of the infrastructure. They also seek to compromise intellectual property or national security, while personal data are not usually of interest to the attacker.
  • Large resources: those behind an APT are not usually worried about the cost of the attack. They may not even care about possible profits, since they are frequently sponsored by State actors or by organized crime structures.
  • Automation: attackers use advanced and semi-automatic tools to intensify their penetrating power against one single target, while other more automated attacks are aimed at multiple targets.
  • One single layer: one group or organization owns and controls all the roles and responsibilities throughout the attack. These roles and responsibilities are not outsourced to groups outside the attacker's organization.







Our ground-breaking approach

Risk intelligence focused on opponents
This makes it possible to develop proactive approaches to risk intelligence, in contrast to the current reactive approach, which is based on the perimeter and on detection of and reaction to incidents and IOCs.

An external approach, which supplements the current one, provides context and makes it possible to develop more effective strategies in the medium to long term.

It focuses on threat analysis, on the opponent and on the negotiating processes, whereas the current approach is focused on the vulnerability or the attack surface.

All of this requires a multidisciplinary approach and adequate capacities and competences.

The opponent is an entity with its own motivation, objectives, resources and operational sophistication and, in many cases, its own intelligence and counterintelligence capacities.

Focusing on the opponent’s space requires both analytical capabilities in other domains and excellent operational risk management (OPSEC).