In recent years, many public and private organizations have been targets of Advanced Persistent Threats (APTs): sophisticated, targeted and persistent threats aimed at stealing information such as intellectual property and organizational or state secrets for economic, technical, political, or military reasons. In the future, APTs will probably continue to increase and to change their attack patterns.
APTs are very difficult to detect and remove. They can act undetected on a network for a long time, controlling the target while waiting for the opportunity to leak out its information. In many cases, skilled and motivated attackers use advanced intelligence techniques and are able to erase their presence.
Only early detection and a strong response capability can help organizations face APT attacks. Identification of threat indicators and of the Techniques, Tactics and Procedures (TTP) of attacks, together with information sharing and collaboration, can enhance an organization's prevention and detection capabilities. At the same time, effective operational collaboration requires the adoption of common methodologies and standards.
For all these reasons, EECTF has decided to create a working group on this topic and has publicized the related report.
The study aims to:
- provide an overview of APT attack patterns, threat indicators and possible recommendations
- provide a classification model to facilitate information sharing and enhance defence capabilities
The work is intended to share experts’ recommendations in order to correctly prevent, detect and respond to APT attacks.
The output of the study was presented at the thirteenth EECTF plenary meeting in Rome.