Five Phases of the APT Lifecycle and Its Log Trail
Advanced Persistent Threats (APTs) are a growing concern in the security industry. There is no single attack vector used by APTs, no single activity pattern, and thus no easy way for an organization to protect itself from an APT.
While no two APTs are the same, most follow a common lifecycle: reconnaissance is performed against the target organization; a host is initially compromised and credentials are stolen; tools are installed to maintain access; the attacker moves laterally toward the target data; and finally that data is exfiltrated. This activity is generally done "low and slow," often using custom malware and/or legitimate credentials so that signature-based controls have little to match on. Even so, each phase leaves a footprint in the log trail: web and DNS servers record probing, hosts record process and service activity, authentication systems record where stolen credentials are used, and network devices record what leaves the perimeter. Stolen credentials in particular evade malware detection but still generate logon records, which is why correlating authentication and network logs across hosts matters more than any single alert.
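The following is an added example (not part of the whitepaper) showing what "a footprint at each phase" looks like when turned into detection logic. It runs a handful of crude, per-phase rules over constructed sample records and reports which lifecycle phases have evidence. The record format (ISO timestamp followed by key=value pairs), the event names, the RFC 1918 definition of "internal", and every threshold are assumptions chosen for the illustration, not a real product's schema or the whitepaper's data.

```python
"""
Added example: map constructed log records onto the five APT lifecycle phases.
The record format, event names and thresholds are assumptions for this
illustration, not the schema of any real product.
"""
import ipaddress
import re
from collections import Counter, defaultdict

PHASES = ("reconnaissance", "initial compromise", "persistence",
          "lateral movement", "exfiltration")

# Constructed sample telemetry covering one intrusion end to end (not real data).
SAMPLE_LOGS = r"""
2024-03-04T02:11:09Z host=web01 src=203.0.113.7 event=http_request path=/robots.txt status=200
2024-03-04T02:11:10Z host=web01 src=203.0.113.7 event=http_request path=/.git/HEAD status=404
2024-03-04T02:11:10Z host=web01 src=203.0.113.7 event=http_request path=/.env status=404
2024-03-04T02:11:11Z host=web01 src=203.0.113.7 event=http_request path=/wp-login.php status=404
2024-03-04T02:11:11Z host=web01 src=203.0.113.7 event=http_request path=/phpmyadmin/ status=404
2024-03-04T02:11:12Z host=web01 src=203.0.113.7 event=http_request path=/admin/ status=404
2024-03-04T03:42:30Z host=ws17 event=process_start user=jdoe image=C:\Users\jdoe\AppData\Local\Temp\update.exe parent=WINWORD.EXE
2024-03-04T03:44:12Z host=ws17 event=process_start user=jdoe image=C:\Windows\System32\rundll32.exe parent=update.exe cmdline="rundll32.exe C:\Windows\System32\comsvcs.dll MiniDump 652 C:\Windows\Temp\l.dmp full"
2024-03-04T03:45:00Z host=ws17 event=service_installed user=jdoe name=WinUpdSvc image=C:\ProgramData\svc.exe
2024-03-04T04:10:11Z host=fs02 event=logon_success user=jdoe src=10.0.5.17 logon_type=3
2024-03-04T04:12:40Z host=dc01 event=logon_success user=jdoe src=10.0.5.17 logon_type=3
2024-03-04T04:50:00Z host=fw01 event=flow src=10.0.5.17 dst=198.51.100.23 dport=443 bytes_out=734003200
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
TRUSTED_SERVICE_DIRS = ("C:\\Windows\\", "C:\\Program Files")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RECON_404_THRESHOLD = 5               # assumed: failed probes from one source to one host
EXFIL_BYTES_THRESHOLD = 100 * 2**20   # assumed: 100 MiB outbound in one flow


def parse(line):
    """Split one record into a dict; the timestamp is the first token."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV.findall(rest)}
    fields["ts"] = ts
    return fields


def is_external(ip):
    """Assumption: anything outside RFC 1918 space is outside the organization."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def analyze(text):
    """Return (phase, detail) findings; each rule is a crude proxy for the
    footprint the corresponding lifecycle phase tends to leave."""
    records = [parse(l) for l in text.strip().splitlines()]
    findings = []
    probes = Counter()                  # (src, host) -> number of HTTP 404s
    net_logon_hosts = defaultdict(set)  # user -> hosts reached via network logon

    for r in records:
        ev = r.get("event")
        if ev == "http_request" and r.get("status") == "404":
            probes[(r["src"], r["host"])] += 1
        elif ev == "process_start":
            # Office spawning a binary out of a Temp directory: typical phishing payload.
            if r.get("parent", "").upper() in OFFICE_PARENTS and "\\Temp\\" in r["image"]:
                findings.append(("initial compromise",
                                 f"{r['host']}: {r['parent']} spawned {r['image']}"))
            # comsvcs.dll MiniDump is a known way to dump process memory for credentials.
            cmd = r.get("cmdline", "")
            if "comsvcs.dll" in cmd and "MiniDump" in cmd:
                findings.append(("initial compromise",
                                 f"{r['host']}: memory dump via comsvcs.dll (credential theft)"))
        elif ev == "service_installed":
            if not r["image"].startswith(TRUSTED_SERVICE_DIRS):
                findings.append(("persistence",
                                 f"{r['host']}: service {r['name']} runs {r['image']}"))
        elif ev == "logon_success" and r.get("logon_type") == "3":
            net_logon_hosts[r["user"]].add(r["host"])
        elif ev == "flow":
            out = int(r.get("bytes_out", 0))
            if out >= EXFIL_BYTES_THRESHOLD and is_external(r["dst"]):
                findings.append(("exfiltration",
                                 f"{r['src']} sent {out} bytes to {r['dst']}:{r['dport']}"))

    # Aggregate rules: a burst of misses from one source; one account fanning out over SMB/RPC.
    for (src, host), n in probes.items():
        if n >= RECON_404_THRESHOLD:
            findings.append(("reconnaissance", f"{src} drew {n} HTTP 404s from {host}"))
    for user, hosts in net_logon_hosts.items():
        if len(hosts) >= 2:
            findings.append(("lateral movement",
                             f"{user} network logons to {', '.join(sorted(hosts))}"))
    return findings


def phases_observed(text):
    """Lifecycle phases with at least one finding, in lifecycle order."""
    seen = {phase for phase, _ in analyze(text)}
    return [p for p in PHASES if p in seen]


if __name__ == "__main__":
    for phase, detail in sorted(analyze(SAMPLE_LOGS), key=lambda f: PHASES.index(f[0])):
        print(f"{phase:<20} {detail}")
```

None of these rules is a reliable detector on its own; a single 404 burst or a large upload is routine noise. The point of the example is the shape of the analysis: per-phase evidence drawn from different log sources (web server, endpoint, authentication, network flow) and joined on the shared identifiers (user, source address, host) so that an account's legitimate-looking logons on several servers become visible as movement rather than as isolated successes.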
Download this whitepaper to examine:
- The five phases of the APT lifecycle
- Insight into, and examples of, the log trail often left behind at each phase