|
An advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity. APT usually targets organizations and/or nations for business or political motives. APT processes require a high degree of covertness over a long period of time. The "advanced" process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The "persistent" process suggests that an external command and control system is continuously monitoring and extracting data from a specific target. The "threat" process indicates human involvement in orchestrating the attack.〔https://www.academia.edu/6309905/Advanced_Persistent_Threat_-_APT〕 APT usually refers to a group, such as a government, with both the capability and the intent to target, persistently and effectively, a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information,〔(【引用サイトリンク】url=http://go.secureworks.com/advancedthreats )〕 but applies equally to other threats such as that of traditional espionage or attacks.〔(【引用サイトリンク】url=http://www.commandfive.com/apt.html )〕 Other recognized attack vectors include infected media, supply chain compromise, and social engineering. The purpose of these attacks is to place custom malicious code on one or multiple computers for specific tasks and to remain undetected for the longest possible period. Knowing the attacker artifacts, such as file names, can help a professional make a network-wide search to gather all affected systems.〔(【引用サイトリンク】url=https://www.maliciousfilehunter.com/feature-live-search.php )〕 Individuals, such as an individual hacker, are not usually referred to as an APT, as they rarely have the resources to be both advanced and persistent even if they are intent on gaining access to, or attacking, a specific target.〔(【引用サイトリンク】url=http://www.commandfive.com/threats.html )〕 ==History and targets== First warnings against targeted, socially-engineered emails dropping trojans to exfiltrate sensitive information were published by UK and US CERT organisations in 2005, although the name "APT" was not used. The term "advanced persistent threat" is widely cited as originating from the United States Air Force in 2006〔(【引用サイトリンク】url=http://www.sans.edu/student-files/projects/JWP-Binde-McRee-OConnor.pdf )〕 with Colonel Greg Rattray frequently cited as the individual who coined the term.〔(【引用サイトリンク】url=http://blogs.forrester.com/rick_holland/13-02-14-introducing_forresters_cyber_threat_intelligence_research )〕 The Stuxnet computer worm, which targeted the computer hardware of Iran's nuclear program, is one example. In this case, the Iranian government might consider the Stuxnet creators to be an advanced persistent threat. Within the computer security community, and increasingly within the media, the term is almost always used in reference to a long-term pattern of sophisticated hacking attacks aimed at governments, companies, and political activists, and by extension, also to refer to the groups behind these attacks. Advanced persistent threat (APT) as a term may be shifting focus to computer based hacking due to the rising number of occurrences. PC World reported an 81 percent increase from 2010 to 2011 of particularly advanced targeted computer hacking attacks. A common misconception associated with the APT is that the APT only targets Western governments. While examples of technological APTs against Western governments may be more publicized in the West, actors in many nations have used cyberspace as a means to gather intelligence on individuals and groups of individuals of interest. The United States Cyber Command is tasked with coordinating the US military's response to this cyber threat. Numerous sources have alleged that some APT groups are affiliated with, or are agents of, nation-states. Businesses holding a large quantity of personally identifiable information are at high risk of being targeted by advanced persistent threats, including:〔 *Higher education *Financial institutions 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Advanced persistent threat」の詳細全文を読む スポンサード リンク
|