Views:
Targeted attacks and advanced persistent threats (APTs) are organized, focused efforts that are custom-created to penetrate enterprises and government agencies for access to internal systems, data, and other assets. Each attack is customized to its target, but follows a consistent life cycle to infiltrate and operate inside an organization.
In targeted attacks, the APT life cycle follows a continuous process of six key phases.

APT Attack Sequence

Phase
Description
Intelligence Gathering
Identify and research target individuals using public sources (for example, social media websites) and prepare a customized attack
Point of Entry
An initial compromise typically from zero-day malware delivered via social engineering (email/IM or drive-by download)
A backdoor is created and the network can now be infiltrated. Alternatively, a website exploitation or direct network hack may be employed.
Command & Control (C&C) Communication
Communications used throughout an attack to instruct and control the malware used
C&C communication allows the attacker to exploit compromised machines, move laterally within the network, and exfiltrate data.
Lateral Movement
An attack that compromises additional machines
Once inside the network, an attacker can harvest credentials, escalate privilege levels, and maintain persistent control beyond the initial target.
Asset/Data Discovery
Several techniques (for example, port scanning) used to identify noteworthy servers and services that house data of interest
Data Exfiltration
Unauthorized data transmission to external locations
Once sensitive information is gathered, the data is funneled to an internal staging server where it is chunked, compressed, and often encrypted for transmission to external locations under an attacker’s control.
Deep Discovery Web Inspector can detect APT and targeted attacks by identifying malicious content, communications, and behavior that may indicate advanced malware or attacker activity across every stage of the attack sequence.