The whole APT – or “Advanced Persistent Threat” – meme has received a lot of attention in the media. This site and others have written about APT-style hacks, such as the recent compromise at The New York Times. But what does an APT hack look like? And what would it mean if you or your employer were in the crosshairs of an APT-type actor?
The SANS Institute’s Securing The Human project has put together a nice training video that helps answer some of these questions, and to explain how APT-style attacks work.
This is good stuff – explaining the difference between cyber crime and APT, and generic enough that any organization could use it as a training video. SANS says that it will produce one of these a month, and post them on the first of each month.
My only criticism here is that, after they do a solid job describing how APT style hacks work, there’s precious little information on protecting yourself. The video advises to “limit the information about yourself that you put online.” Good advice – but cold comfort to the hundreds of millions of people who have already shared enough information to make for a useful phishing e-mail, but have no way to claw it back from Google, Facebook or Twitter.