I know it has taken me a while to catch up, but I relegated it low priority when I first heard of this “APT” business. Bad of me? Who made this stuff up? This is something you’d only make up for a laugh. But, all of the sudden, my industry is talking about it. FFS. Is this an American thing?
….if I had to mention that to a client. “Stand back…..you have an APT!!!”…… “Thanks Draz…awesome we hired you to save us!”
I have nothing! If this makes Wikipedia, (which it may have by now (Ed: yeah, I know it’s there), I’d love to chat (Ed: modified to not scare people), with that genius who invented the term, (for our industry).
———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.
I was feeling so good until I read about this APT business! If I hear any rep mentioning it, our business is done! ;0)
D, you are the biggest shit stirrer in this industry. I know you know that. But, motherf**ker, you are right just about each go and you know that for the laugh as you say!!!!!!!!
No. But Hopefully the one that is perceived as the most honest and has never held back for our industry in Australia!
hmm……
Anyone who raises this in their blogs for me like you mention is a dick! And there has been many!
Can’t under estimate this. Best be ready!! Having a title to it makes it seem like something new and legit.
Dumb acronyms always help in the fight to fix a problem. Diverting attention to create an acronym kills time for those not capable of providing any value towards a solution.
http://en.wikipedia.org/wiki/Advanced_Persistent_Threat
But you knew that was there for the laugh. :0
How about the break up and definition of each part of APT? Someone seriously thinks they will be taken seriously and they probably are and will. LOL and probably only something that could come out of America.
For many, having acronyms helps them exist and the more the merrier. Let us not ponder upon our old failures. Let us rename them and provide hope and keep us in a job.
Let us take this forth and multiply it:
“For many, having acronyms helps them exist and the more the merrier. Let us not ponder upon our old failures. Let us rename them and provide hope and keep us in a job.”
How seriosly we take this stuff is funny. Does anyone have more stupid acronyms than IT? Yes. Can’t fix it? Rename it so we all think it is new. We’re not failing. This is new. Sounds like the government’s efforts in IT.
From Wikipedia;
“Definitions of precisely what an APT is can vary, but can be summarized by their named requirements below:
* Advanced – Operators behind the threat utilize the full spectrum of intelligence gathering techniques. These may include computer intrusion technologies and techniques, but also extend to conventional intelligence gathering techniques such as telephone interception technologies and satellite imaging. While individual components of the attack may not be classed as particularly “advanced” (e.g. malware components generated from commonly available DIY construction kits, or the use of easily procured exploit materials), their operators can typically access and develop more advanced tools as required. They combine multiple attack methodologies and tools in order to reach and compromise their target.
* Persistent – Operators give priority to a specific task, rather than opportunistically seeking immediate financial gain. This distinction implies that the attackers are guided by external entities. The attack is conducted through continuous monitoring and interaction in order to achieve the defined objectives. It does not mean a barrage of constant attacks and malware updates. In fact, a “low-and-slow” approach is usually more successful.
* Threat – means that there is a level of coordinated human involvement in the attack, rather than a mindless and automated piece of code. The operators have a specific objective and are skilled, motivated, organized and well funded.[6]”
Works for me to question the assignment of acronyms and extension of definitions – reality change in some cases? What requirement to extend the definitions from basic reality to something to be assessed again as mentioned for the basis of reassigning priority and forgetting the failures of the past. Wondering how long before someone has the work title; “Advanced Persistent Threat Analyst”? Though I kid myself. Of course people are already using the title I am sure.
It’s actually APT-AHF (Advanced Persistent Threat of acronyms, hype and FUD); and it’s obviously alive
US Air Force around 2006, according to Bejtlich et al.
More than you would never want to read here:
http://taosecurity.blogspot.com/search/label/apt
One decent discussion here:
http://threatpost.com/en_us/blogs/its-adversaries-who-are-advanced-and-persistent-012610
I’m surprised no-one has yet trotted out “CPD”
Clear & Present Danger
Jeez I’m starting to sound like a wanker. Shut up Knuckle.
No Knuckle. Love it! Surely it’s being used in our industry somewhere. If not, it should be. We have “clouds”, we have “APTs”….why not “CPD”.
DD
Warning Warning – Danger Will Robinson !! we have an APF !!!
You might want to have a look at; http://vrt-sourcefire.blogspot.com/2010/03/apt-should-your-panties-be-in-bunch-and.html
APT: Should your panties be in a bunch, and how do you un-bunch them?
There is no more predictable group of people than marketers. Once a term reaches a certain tipping point, they grab onto it for dear life and choke it until it means nothing. Apparently, the Advanced Persistent Threat (APT) hit that point somewhere around December. Despite the term being used by the defense industrial base for years, it wasn’t until this year that firms really started pounding the “Come to us my children, only we can save you from death by APT” drum.