Anatomy of Advanced Persistent Threats
The six steps of an APT attack - FireEye
- The cyber criminal, or threat actor, gains entry through an email, network, file, or application vulnerability and inserts malware into an organization’s network. The network is considered compromised, but not breached.
- The advanced malware probes for additional network access and vulnerabilities or communicates with command-and-control (CnC) servers to receive additional instructions and/or malicious code.
- The malware typically establishes additional points of compromise to ensure that the cyber attack can continue if one point is closed.
- Once a threat actor determines that they have established reliable network access, they gather target data, such as account names and passwords. Even though passwords are often encrypted, encryption can be cracked. Once that happens, the threat actor can identify and access data.
- The malware collects data on a staging server, then exfiltrates it off the network, where it is under the full control of the threat actor. At this point, the network is considered breached.
- Evidence of the APT attack is removed, but the network remains compromised. The cyber criminal can return at any time to continue the data breach.
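From the defender's side, the fifth step (collection on a staging server followed by exfiltration) leaves a recognizable pattern in network flow data. The sketch below is an added example, not FireEye code; the flow record format, the internal address range, the thresholds and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the internal range

# Constructed flow records: (epoch seconds, source, destination, bytes)
FLOWS = [
    (900, "10.0.9.7", "203.0.113.80", 150_000_000),   # egress with no prior collection
    (1000, "10.0.1.11", "10.0.9.5", 40_000_000),
    (1060, "10.0.1.12", "10.0.9.5", 35_000_000),
    (1120, "10.0.2.20", "10.0.9.5", 50_000_000),
    (1200, "10.0.1.11", "198.51.100.8", 2_000_000),   # small outbound transfer
    (1300, "10.0.3.30", "10.0.9.6", 90_000_000),      # single-source copy, no egress
    (1500, "10.0.9.5", "203.0.113.77", 120_000_000),  # staged data leaves
]

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def find_staged_exfil(flows, min_sources=3, min_in=100_000_000, min_out=50_000_000):
    """Return (staging_host, external_dst, bytes_out) for internal hosts that
    first aggregate data from several internal peers and later send a bulk
    transfer to an external address. Thresholds are illustrative assumptions."""
    sources = defaultdict(set)   # host -> internal peers that sent it data
    received = defaultdict(int)  # host -> bytes received from internal peers
    alerts = []
    for ts, src, dst, nbytes in sorted(flows):  # replay in time order
        if not is_internal(src):
            continue  # inbound traffic is out of scope for this check
        if is_internal(dst):
            sources[dst].add(src)
            received[dst] += nbytes
        elif (len(sources[src]) >= min_sources
              and received[src] >= min_in
              and nbytes >= min_out):
            alerts.append((src, dst, nbytes))
    return alerts

if __name__ == "__main__":
    for host, dst, nbytes in find_staged_exfil(FLOWS):
        print(f"possible staging host {host}: {nbytes} bytes sent to {dst}")
```

Because the flows are replayed in time order, a bulk outbound transfer only raises an alert when the internal collection preceded it.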
FireEye as a Service is a managed detection, investigation and response service that provides battle-savvy security experts, equipped with timely, relevant threat intelligence to detect, investigate and remediate threats early in the attacker lifecycle.
FireEye Threat Intelligence delivers the insights you need based on deep adversarial intelligence, extensive machine intelligence and detailed victim intelligence.
Mandiant, a FireEye company, is the leader in helping organizations respond to and proactively protect against advanced cyber security threats. Since 2004, Mandiant has been dealing with advanced threat actors from around the world. We provide IR services to support organizations during the most critical times after a security breach has been identified and proactively help them improve their detection, response and containment capabilities.