Thursday, December 15, 2011

Advanced Persistent Threats - Thank You Wikipedia

My head is near exploding, as I'm sure yours is, from all the APT news.  It's everywhere, I swear I saw it on the cover of the Weekly World News.

What annoys me is that the first several times I heard about an APT, "they" were basically describing any other virus or malware.  The only difference was that the writers did a better job hiding their command and control, and they used more, and varying, ways to hide from AV and stay resident.  This is a lame term as there is no line where quality achieves the level of Advanced!!

After hearing about the nature of the RSA breach, I have decided to only give credence to those who refer to an APT as an actor.  APTs are not code.  An APT is someone, some organization, or a nation state who is well funded, highly sophisticated, and persistent in their goal to compromise something.

I went to Wikipedia to see what the masses were saying, assuming the worst.  Wikipedia agrees with me?  I may  have to turn in my security spurs.  :-P

Proper use, "I am an advanced persistent threat".

Improper user, "I created an advanced persistent threat".

You can kill or jail an advanced persistent threat, but you can't delete it.

No comments:

Inputting falsified referrals to this site violates the terms of service of this site and is considered unauthorized access (hacking).