“Just mention APT in your presentation / product, people will come and listen to you.” This is a comment made by a friend of mine when I was preparing a brief presentation on honeypots. It is very much the truth since the Google attack in 2009. You see talks, whitepapers, dossiers, and products talking about what APT is and how we can prevent it. Yet there isn’t a uniform definition of this term among them.
So… What's APT?
"It’s persistence of the adversary and the variety of techniques they’re using like malware or social engineering, against a nation’s significant economic interests."
— Eddie Schwartz, CSO of NetWitness
"APT is just a new phrase to describe malware that took advantage of sometimes simple weaknesses in networks that the targeted, victimized organization spent millions of dollars investing in technology. APT is a wishy-washy expression, because the threat usually 'is not advanced.'"
— Greg Hoglund, CEO of HBGary
"APT means an attack targeted at an organization to steal data, especially intellectual property. It’s stealthy, not a slash-and-burn. And it is persistent, not a one-time event, lasting a protracted period of time."
— Gerry Egan, Director of Product Management of Symantec
"Not all APT attacks are highly advanced and sophisticated, just as not every highly complex and well-executed targeted attack is an APT. The motive of the adversary, not the level of sophistication or impact, is the primary differentiator of an APT attack from a cybercriminal or hacktivist one."