Ethical Hacking - APT Testing

APT Attack Testing

Customised, multi-vector attack simulations

Request a Quote

Advanced Persistent Threat (APT) Testing

An Advanced Persistent Threat (APT) is an attack vector where a malicious actor seeks to gain access to a targeted network through a series of synchronized (yet seemingly unrelated) attacks. The sole purpose is to breach the system undetected and remove data over an extended period of time without being discovered. An APT attack is a campaign of coordinated multi-tiered strikes against the target’s people, processes and technology. The threat is typically associated with nation-states or well-funded and financially motivated threat actors.

An APT campaign is usually comprised of synchronized social engineering and technical penetration attacks such as a combination of phishing emails, spear phishing, malicious code and rootkit installations, usually via trusted applications or connections and exploiting “zero-day” vulnerabilities.

Once access is achieved, the attacker establishes a back door and seeks to gather valid user and administrative credentials and move laterally across the targeted network undetected, installing more back doors, bogus utilities and ghost infrastructures for distributing advanced malware designed to remove sensitive data such as intellectual property, unnoticed. The attack method of operation is to hide in plain sight and become invisible to existing security measures by disguising itself as an authorised activity. An APT is an extremely sophisticated and dangerous threat that takes a specific testing methodology to identify.

Risk Crew delivers a unique, comprehensive and effective APT penetration testing service to assess and confirm whether your defences can detect and deter this severe threat.

Security Testing Overview Download

Network Of Data - APT Testing

Features and Components

Our service consists of a series of customised and coordinated attacks against people, process and technology (attack vectors) associated with your business systems. The objective is to assess the capability of existing security controls to identify and prevent an APT incursion.

Testing

Designation of a targeted information asset processed, stored or transmitted on business systems over a set time. Testing seeks to remove the targeted asset without discovery, simulating typical APT multi-vector attacks within the designated time period.

Methodology

We conduct extensive research and collation campaign, document all publicly available data pertaining to system-related business, people, process and technology. Relevant aspects are mapped to identify vulnerabilities that may be leveraged as attack vectors. We then run vulnerability assessments and attack simulations of these vectors are ran to highlight the most-effective ways an attacker could be successful.

Campaign Design

Risk Crew designs and executes customised attacks over an extended period against vulnerable threat vectors to infiltrate systems. Our methodology is based on emulating adversarial tools, tactics, techniques and procedures used in over 35 tracked APT campaigns.

APT Attack Testing Deliverables

Risk Crew’s service provides testing and a detailed report with an APT attack risk rating and provides specific recommendations for improving security defences and reducing the risk of attack, a workshop and on-call assistance.

APT Attack Testing Benefits

The Risk Crew APT Attack Testing Service assesses the effectiveness of the security controls implemented to identify and prevent a breach of its information assets. The Risk Crew APT Attack Testing Service confirms the effectiveness of your current:

Access controls

Compliance to end-user security policies and procedures

Vulnerability assessment programme

Identity management controls

Incident reporting programme

Change control procedures

Anti-malware controls

Intrusion detection or prevention controls

Information security awareness programme

Systems security administration programme

Remote access authentication controls

Incident response plans & procedures

Why Choose Risk Crew

Our experienced security engineers implement detailed APT methodologies to effectively assess your businesses capabilities to detect and mitigate an APT attack against your business.

All security testing engineers are thoroughly vetted and subject to in-depth professional, criminal and credit records checks.

When you choose Risk Crew, you’re electing to work with qualified experts.

Find out how Risk Crew can help reduce your risk of an APT attack.

Request a Security Testing Quote

Our experts will contact you to discuss your specific requirements

You may also be interested in:

Frequently Asked Questions

What is an Advanced Persistent Threat (APT)?

An Advanced Persistent Threat (APT) is a threat in which an attacker seeks to gain access to a targeted net and removing data over an extended period without being discovered.

What do APT attacks target?

Threat actors utilising APT attacks are usually targeting the covert removal of large amounts of financial data and / or intellectual property associated with the business. APTs require an investment of time and resources, and the threat actors’ targets are usually of significant value to ensure a return on this investment.

Which threat actors use APT attacks?

APT threats are primarily associated with nation-state and sophisticated cyber-criminal organisations as they require a significant investment of resources and are fuelled by zero-day vulnerabilities. A zero-day vulnerability is a software vulnerability that is unknown (or unaddressed by the vendor) and therefore can be exploited without detection. Zero-day vulnerabilities are attained through research or purchase from the dark web and therefore require significant resources to obtain.

How do you identify APT attacks?

APTs leave different footprints from other hacks as they compromise a target through gradual infiltration rather than blunt force. Consequently, they can be hard to identify. Many APT attacks are not discovered by the target’s themselves but rather through 3rd parties who identify traffic anomalies through their connections. Look for unexpected patterns or volumes of activity in what is understood as legitimate processes. Things like large significant increases in restricted access, logins late at night, unexpected information flows and unexpected data bundles are likely signs of an APT attack.

How do you reduce the risk of APT attacks?

There are generally five steps in combating APT attacks.

First: Conduct testing to assess the robustness of your detection and response controls.

Second: Consider implementing strong user multi-factor authentication.

Third: Practice information compartmentalisation within your business, restricting user groups to only the data they require to do their jobs (i.e. human resources, finance, IT).

Forth: Include the APT threat in the topics presented in your information security awareness training – with advanced training given to your IT staff.

Fifth: Reducing the threat of APTs requires a finely tuned awareness across the enterprise.