Advanced Persistent Threat

Ok, enough with the APT marketing and journalism diarrhea…  It’s really quite simple:

ad·vanced/ædˈvænst, -ˈvɑnst/ -adjective
1. ahead or far or further along in progress, complexity, knowledge, skill, etc.: an advanced class in Spanish; to take a course in advanced mathematics; Our plans are too advanced to make the change now.

per·sist·ent/pərˈsɪstənt, -ˈzɪs-/ –adjective
1. persisting, esp. in spite of opposition, obstacles, discouragement, etc.; persevering: a most annoyingly persistent young man.
2. lasting or enduring tenaciously: the persistent aroma of verbena; a persistent cough.
3. constantly repeated; continued: persistent noise.

threat/θrɛt/ –noun
1. a declaration of an intention or determination to inflict punishment, injury, etc., in retaliation for, or conditionally upon, some action or course; menace: He confessed under the threat of imprisonment.
2. an indication or warning of probable trouble: The threat of a storm was in the air.
3. a person or thing that threatens.

This term has been around for ages, and means exactly what the acronym’s words mean.  It’s not any single attack, it’s not any trivial or obvious piece of malware, and it’s not the bogeyman that the hot new security product will save you from.  It’s a particular class of threat.  The term gained critical mass being used as early as a few decades ago in the intelligence community where it is used to describe advanced and generally covert modus operandi for ensuring the ongoing gathering of intelligence about an individual or other entity.  The term has been more recently applied, although still at least a decade ago, to Information Security where it is used to describe an ongoing campaign of targeted, sophisticated attacks, or the actors facilitating or conducting said campaign.  In other words, a threat that is both advanced and persistent.

Please, for the love of all that’s holy, stop using “APT” interchangeably with “malware”.  A particular piece of malware may be an APT, or a component used by an APT, but not every APT is malware.  In fact, most of the time malware can’t be considered an APT as the majority of malware is neither relatively advanced nor persistent, and to be APT it would have to be both.

Tags: ,

One Response to “Advanced Persistent Threat”

  1. Brandon Dixon Says:

    I thought I may have been the only one to share the same thought. It’s gotten worse than cloud computing. I am pretty certain I have heard those 3 letters more than anything in the past few months. Whitepapers, blogs, tweets…make it stop!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: