APT! Kill it! Kill it!! Kill it!!!

Argh! Another dozen APT stories in the last couple of days! Will no one rid me of this meddlesome buzzword?

(No, I don’t expect an answer to that question. Yes, I know it’s a media meme. I just wish security professionals, who should know better, would stop using it.)

Quick tip: in order to identify useless stories that use the term, check to see if the author, at the beginning, clearly defines what an APT is. Those that do not are garbage. (That would be all of them.) Is it advanced? No, APTs use malware we already know about: viruses, trojans, remote access trojans (RATs), keyloggers, that sort of thing. APTs use social engineering (aka “lying”) in order to get users to install malware. (That’s hardly new or advanced.) Is it persistent? Well, in many cases that’s true: a lot of these attacks go on over time, but that’s not particularly new: even Cliff Stoll’s “wily hacker” kept it up for years. (Don’t know who Cliff Stoll is? Kids these days. Go away and do some actual research and learn about the field before you start trying to tell me that APT is an actual thing.) Is it a threat? Yes, but so are a lot of things.

The latest article I’ve seen, this morning, says that an “APT occurrence is a low-frequency high-impact incident.” Oh, good. An APT is a Black Swan. As Lady St. Hillier would say, “Good. Very specific.”

  • Pleymort

    I disagree.
    Even though APT isn’t new, the threat is obviously increasing and is becoming the threat that all security officers currently fear.
    Aurora, Bercy, Night Dragon, RSA,…
    So APT isn’t a buzzword, it’s just the word that fits the phenomenon that happens these days, that’s why they use it, at least I think so…
