April 19, 2011, 12:35 PM — In security Advanced Persistent Threat has become the hot buzzword for an irresistible digital attack that should result in no blame whatsoever to the security, IT and business people involved – who, in fact, should get a raise and some time off for having endured such a harrowing experience.
Advanced Persistent Threat (APT) is a specialty phrase introduced following revelations by Google last year that it had been under continuous pressure from skilled attackers for a long period of time.
It refers primarily to long-term attacks carried out by multiple groups of highly trained attackers focusing on a specific set of targets, using methods not available to the average hacker, or even low-end organized crime group.
It doesn't mean a DDOS attack from a mid-sized botnet, or an increase in spam using phishing techniques to con workers into downloading malware or linking to malicious sites.
It doesn't even usually refer to effective spear phishing attacks like the one that cracked commercial email service Epsilon and let someone get away with thousands or millions of customer email addresses.
It refers to things like the "Byzantine Hades" and "Night Dragon" attacks U.S. security agencies have identified as having come from units of the Chinese military going after confidential data in government and corporate databases.
APT does not describe any successful hack that is a hair more slick than the one that failed a couple of months ago, or that might have taken the attackers more than a couple of days to succeed.
That is exactly how it is being used by IT and security people who have to admit being cracked that want to minimize the impact in negative publicity for their company or negative impact on their employment.
Source: Verizon Business 2011 Data Breach Investigations Report
