ADVANCED PERSISTENT THREATS (APTs) - Simulation


Presentation on theme: "ADVANCED PERSISTENT THREATS (APTs) - Simulation"— Presentation transcript:

1 ADVANCED PERSISTENT THREATS (APTs) - Simulation

2 ADVANCED PERSISTENT THREAT
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.
Some common features:
- Targets networks/organizations instead of individuals.
- Uses spear phishing for the attack.
- Uses centralized command and control (C&C).
- Communicates with legitimate web services, such as cloud storage and social networking, to hide malicious activity.

3

4 APT attack behaviors
a.) Entering phase:
- Spear phishing – use of either email or a website to redirect the victim to the location of malicious content.
- SQL injection.
- Hacking of the wireless network – allows entrance into the network, easing identification of victim(s).
b.) On entrance:
- The malicious file is saved on the target host.
- It could be embedded in JPEG or PDF files.
- It could run automatically, or the user must be tricked into running it.
- It communicates with the C&C as soon as it is executed.

5 c.) Dominating over the network phase:
- The executable file receives commands from the C&C for further actions.
- Uses HTTP, FTP or DNS for client-server communication to reduce detection.
- Receives commands to propagate further by forwarding mails or uploading malicious code to shared locations (such as the cloud).
d.) Achieving desired goals:
- Search for relevant processes.
- Monitor the system for required information – login credentials and all confidential records.

6 Send all the information to the server (exfiltration).
e.) Removing tracks to stay undetected:
- Encrypt the communication with the server – using HTTP over SSL (HTTPS).
- Remove or modify relevant logs which may identify the attack – based on filenames or IP address.
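
Added example (not part of the original presentation): the log removal and modification described in phase e.) can be detected when records are also forwarded off-host as they are written. The Python code below compares a collector copy with the host copy and reports which records were removed or altered and which IP address or filename they share. The record layout, the sequence numbers, the `src=`/`file=` field names and all sample data are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample: records as received by a central collector at write time.
COLLECTOR_COPY = """\
1 2024-03-01T10:00:01 sshd accepted login user=alice src=10.0.0.5
2 2024-03-01T10:02:14 httpd GET /index.html src=10.0.0.8
3 2024-03-01T10:03:40 httpd GET /report.pdf src=203.0.113.7
4 2024-03-01T10:03:55 audit exec file=/tmp/report.pdf src=203.0.113.7
5 2024-03-01T10:05:02 sshd accepted login user=bob src=10.0.0.9
6 2024-03-01T10:07:31 httpd POST /upload src=203.0.113.7
"""
# Constructed sample: the same log as later found on the host
# (records 3 and 4 removed, record 6 rewritten to an internal address).
HOST_COPY = """\
1 2024-03-01T10:00:01 sshd accepted login user=alice src=10.0.0.5
2 2024-03-01T10:02:14 httpd GET /index.html src=10.0.0.8
5 2024-03-01T10:05:02 sshd accepted login user=bob src=10.0.0.9
6 2024-03-01T10:07:31 httpd POST /upload src=10.0.0.8
"""

# Assumed field names; adjust to the real log schema.
INDICATOR = re.compile(r"\b(?:src|file)=(\S+)")

def index_by_seq(text):
    """Map each record's sequence number to its full line."""
    records = {}
    for line in text.splitlines():
        if line.strip():
            seq, _, _ = line.partition(" ")
            records[int(seq)] = line
    return records

def find_tampering(collector_text, host_text):
    """Report records removed or altered on the host and what they share."""
    trusted = index_by_seq(collector_text)
    local = index_by_seq(host_text)
    removed = sorted(s for s in trusted if s not in local)
    modified = sorted(s for s in trusted if s in local and local[s] != trusted[s])
    # Count indicators in the trusted versions of the affected records: the
    # value most of them share is likely what the cleanup was keyed on.
    hits = Counter()
    for seq in removed + modified:
        hits.update(INDICATOR.findall(trusted[seq]))
    return {"removed": removed, "modified": modified,
            "indicators": hits.most_common()}

if __name__ == "__main__":
    print(find_tampering(COLLECTOR_COPY, HOST_COPY))
```

The comparison only works if the collector copy is outside the reach of the compromised host, for example append-only storage under separate credentials.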

7

8 CONCLUSION
An APT is more advanced in that it stays undetected for a long period of time. Detection is difficult mainly because persistent, silent monitoring triggers very few event changes. Even if the attack is detected, it remains a challenge to identify the real source or cause, because of the long span of time that has already elapsed.

