After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an
enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the
following is this an example of?
A. Privilege escalation
B. Advanced persistent threat
C. Malicious insider threat
D. Spear phishing
Explanation:
Definitions of precisely what an APT is can vary widely, but can best be summarized by their named requirements:
Advanced: Criminal operators behind the threat utilize the full spectrum of computer intrusion technologies and techniques. While individual components of the attack may not be classed as particularly “advanced” (e.g. malware components generated from commonly available DIY construction kits, or the use of easily procured exploit materials), their operators can typically access and develop more advanced tools as required. They combine multiple attack methodologies and tools in order to reach and compromise their target.
Persistent: Criminal operators give priority to a specific task, rather than opportunistically seeking immediate financial gain. This distinction implies that the attackers are guided by external entities. The attack is conducted through continuous monitoring and interaction in order to achieve the defined objectives. It does not mean a barrage of constant attacks and malware updates. In fact, a “low-and-slow” approach is usually more successful.
Threat: There is a level of coordinated human involvement in the attack, rather than a mindless and automated piece of code. The criminal operators have a specific objective and are skilled, motivated, organized and well funded.
Incorrect Answers:
A: Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to
resources that are normally protected from an application or user. The attack described in the question is not an example of privilege escalation. Therefore, this
answer is incorrect.
C: A malicious insider threat, as the name suggests, is carried out by an insider. In this question, the attackers are in an enemy country. Therefore, this answer is incorrect.
D: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail
messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from
a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source
of the e-mail is likely to be an individual within the recipient’s own company and generally someone in a position of authority. The attack described in the question is
not an example of spear phishing. Therefore, this answer is incorrect.
https://www.damballa.com/advanced-persistent-threats-a-brief-description/
http://searchsecurity.techtarget.com/definition/spear-phishing