Just to clarify, this post is about APT and I’m not trying to sell you something.
Advanced Persistent Threat (APT) is the all the buzz these days. It’s become an all-encompassing term to describe just about any covert intrusion in the news. Guess what? APT is espionage. It’s not spammers, it’s not opportunistic hackers, it’s not criminals trying to get credit card information. Wikipedia has a good entry: http://en.wikipedia.org/wiki/Advanced_Persistent_Threat
The problem is that APT sounds sexy. It’s easy to say and has had so much press everyone has heard of it. Vendors love to say they stop APT. Chris Eng covers that well here: http://www.veracode.com/blog/2011/03/please-jump-off-the-apt-bandwagon/
My proposal is simple. We need sexy descriptions of the other types of threats. Once we have these new terms, people who refer to APT can be corrected and referred to the Hot New Threat (HNT).
The first new term is Perpetual Financial Threat (PFT). PFT covers all those threats that involve banking or credit.
Perpetual – Just like the definition, it continues forever, it’s everlasting. Attackers are always looking to increase their bank account. They target large companies as well as single users, if you have money or credit, they are want to take it. They never stop, because the rewards are huge.
Financial – The end goal is making money. Stealing identities, credit card details, bank account information, anything that will ultimately be involved in fraud or sold to fraudsters.
Threat â€“ Their intention is to steal your Personally Identifiable Information (PII). They are out there and they are coming for you. They are phishing, spamming, and actively looking for exploits on you network and computers. They have automated tools and large botnets to help them achieve their goal of taking your money.
Disclaimerâ€¦ PFT is not to be confused with Bill the Cat and Pfft or Thbbft or Ack! http://en.wikipedia.org/wiki/Bill_the_Cat
The next suggested term is Automated Opportunistic Attack (AOA).
Automated – The attackers build tools into their malware to perpetuate themselves. The malware itself is designed to spread itself to any device that is vulnerable to the built-in exploits. This also covers scripts that written for the purpose of scanning for exploits.
Opportunistic – These attackers and tools are not discriminating, they attempt to exploit any and all vulnerable hosts. The end goal is to control as many hosts as possible. The hosts will be remotely controlled and become a commodity that can be rented to other criminals.
Attack – Hostile intentions to steal your information and commandeer your computer.
AOA is all those scans and connection attempts that most firewalls block. These attacks have become so commonplace, they’ve become an accepted part of connecting to the Internet. They are mostly easy to defend against, but if they are successful, they are a pain to clean up.
I initially intended to redefine APT to mean Automated Perpetual Threatâ€¦but that just seemed silly. These new terms should catch on quickly and somehow make me a lot of money. I look forward to it.