In the last years, many public and private organizations have been target of Advanced Persistent Threats (APTs), sophisticated, targeted and persistent threats aimed to steal information like intellectual property, organization or state secrets for economic, technical political, or military reasons. In the future, APTs will probably continue to increase and change their attack patterns.
APTs are very difficult to detect and remove. They can act undetected on network for long time, control the target waiting for the opportunity to leaking out your information. In many cases, skilled and motivated attackers use advanced-intelligence techniques and are able to erase its presence.
Only an early detection and a strong response capability can help organization to face APTs attack. Identification of Threat Indicators and Techniques, Tactics and Procedures (TTP) of attacks as well as information sharing and collaboration can enhance prevention and detection capabilities of organization. In the same time, an effective operative collaboration requires adoption of common methodologies and standards.
For these reasons, GCSEC and EECTF (European Electronic Crime Task Force) has coordinate a study group on APT in collaboration with Kaspersky Lab, Lutech, Tiger Security and Trend Micro.
The aims of this study are
• to provide an overview of APTs attack patterns, threat indicators and possible recommendations
• to provide a classification model to facilitate information sharing and enhance defense capabilities
Each chapter presents a case study of attack. The case studies are divided in the 7 phases of the Cyber Kill Chain. Moreover, the authors present also a series of recommendations that could be helpful.
You can download the study results on "Publication" page of our website.