Top view of hacker in working showing advanced persistent threat (APT)

The Anatomy of an Advanced Persistent Threat

Organisations across the globe have been victims of advanced persistent threat (APT) attacks, a form of cyberattack that stays dormant in networks for extensive periods of time while extracting as much data and information as possible before being detected. Southeast Asia has not been insulated from this threat too – Singapore healthcare group SingHealth’s hack was the result of an APT attack, and several Southeast Asian governments have been targeted as well.

Given the longevity of this type of cyberattack, the incidence rate of APTs has not really increased for large companies, but smaller businesses are being increasingly impacted. This would be a concern for a region like Southeast Asia. According to a report from the Asian Development Bank, 97 percent of all businesses in Southeast Asia are small or medium ones, and they employ 67 percent of the working population. However, there are proactive steps organisations can take to protect their devices, data, systems, and networks.

Understanding APTs and the current environment

APT attacks are simultaneously technically elegant yet simple. The attacks generally employ innovative techniques or exploit hidden vulnerabilities (zero-day exploits) to access a system and install themselves in oft-overlooked places.

The only way to remove an APT is by thoroughly scrubbing the entire system. APTs hide in printers and keyboards and IoT devices on your networks – things people forget even have a network connection.

In a world where there is widespread use of digital components with WiFi capabilities, cybercriminals can access and hide malicious code anywhere. Logically speaking, the easiest way to remove an APT might be to destroy all computer equipment. While impractical, it does suggest that current and potential victims will need to thoroughly understand their systems.

Prevention is a company’s best defence

The best defence against APTs is to do the basics well. A strong software solution can only do so much. All it would take is one misinformed employee falling victim to a cyberattack to bring down the entire system. In addition to a robust solution, there must be more emphasis on good operational practices and hygiene.

Security isn’t something special – it’s just operations done well. Investments must be made not only on solutions, but on talent as well. Talent is any organisation’s greatest asset. Safeguarding your information systems and the people that operate them and you will be a less attractive target.

Defending APTs is challenging, but not impossible

In the mid-2000s, a term emerged in the world of critical infrastructure cybersecurity – The Cyber Black Start. The concept is lifted directly from the engineering of power grids. Sometimes, to restabilize the grid, like after a massive blackout, you have to turn everything off and then back on again. The same can apply to cybersecurity.

If an organisation suffers an APT attack, they must move quickly. Shut all systems down and start bringing systems back up in order of precedence, ensuring that each is scrubbed clean before being added back to the network. This will be expensive and painful, but it will get results.

A Cyber Black Start may reveal components and systems unnecessary to core operations. Those never need to be restarted and this reduces complexity, providing cybercriminals with fewer places to hide their malicious code. It also pays to have a trusted cybersecurity partner. Leveraging such a firm’s expertise and putting in place processes and policies that prevent such a situation from recurring are important too.

To prevent APT attacks, practise basic #cyberhygiene – avoid clicking on suspicious links. implement endpoint protection, patch systems regularly, segregate networks, actively monitor for suspicious traffic and behaviours. #cybersecurity #respectdataClick to Tweet

Given the ongoing prevalence of APT attacks, organisations have every right to be wary. To prevent APT attacks, they simply need to practise basic cyber hygiene. Avoid clicking on suspicious links. Implement endpoint protection solutions and patch them regularly. Actively monitor traffic in systems and networks to identify suspicious behaviours and patterns. Keep networks segregated. Pay attention to employees who indicate that something is not right. Best practices do work, but not every organisation pays heed to them. Following those basic fundamentals will set an organisation up for success when it comes to cybersecurity.


Chief Information Security Officer at Aiven