Is an APT attack what an APT attack was?

I forget why but a colleague and I got into a conversation about APT (Advanced Persistent Threats) attacks the other day which turned into a mini-debate.  It started when he told me that he believed I misunderstood what an APT attack really is. 

I listened to his explanation and realised pretty quickly two things. (A) That either he was wrong or (B) the security industry media was wrong.  His description was something like this:

• Advanced – as in age.  The attack has been happening for some time and is established in your network or systems.
• Persistent – it ain’t going away, the attacker is continuing to take advantage of their position in your network.
• Threat – a bit of a misnomer, how can it be a threat if they are already in your systems?

My understanding seemed a bit more in tune with how I had heard and read other ‘experts’ using it:

• Advanced – as in technology, capable of using difficult and complex attack vectors.
• Persistent – very targeted, the attacker wants you and is not going to give up.
• Threat – because it is only a threat at this stage.

Having read the ever-faultless Wikipedia article on the matter it seems the authors give it a blend of the two but err on my side, leaving me none-the-wiser really.  I suspect that early on my colleague’s definition was correct but with time the meaning has morphed into a type of attack that is somewhat scarier.  That may be the reason the term has changed so much – fear is a great selling point and as an industry, we do like to bang that drum!

I figured I would open this to the floor, so anyone with an opinion please do comment!  In the meantime, I’m going to continue to side with the more popular choice.

YGHT can help you improve your cybersecurity

Lean how by contacting us