apt: advanced persistent term

It’s been relatively easy to not get sick of the term APT since we have “cloud” being far more used, abused, and easy to hate. But I’m with Michael Starks over at Immutable Security, in being a little annoyed at the continued blaming of “APT” for any security issue. Saying something was caused or leveraged by APT isn’t actionable unless you define the actor(s) you’re using APT to refer to. Otherwise, this is dumb and has gotten out of control.

It’s true that almost everyone who makes a mistake blames something or someone else. That includes security incidents. “Well, gosh, that attacker was so sophisticated no one ever would have caught that!” is the undertone of almost every breach notice that tries to mention APT. Let alone any time an attack could possibly have been traced to some IP address in Asia or Eastern Europe. Hogwash.

Whenever I hear APT, I internally translate that to corporate and/or state espionage. To me, the “persistent” part of the term identifies the threat as having a specific reason to continuously attack you, or at least a goal that until met will result in continuous attack. That’s a far cry from accidental breaches or crimes of opportunity because someone is dumb or naive. (Though I will grant that APT actors can utilize those holes as well.) This is also why I don’t consider APT new at all; we’ve had corporate/state espionage for ages. (Yes, *ages!*)

I’ve been silently predicting for many years the continued increase in corporate espionage diving further into the cyber world. We’re still only at the cusp, if you ask me. We’re talking tracking location of executives, cloning their devices from hotel rooms, befriending people in social networks in positions of influence (assets), outright stealing data from poorly guarded systems, and so on. Information is power, and the more you can get and then use it…even that naughty text pic from that executive’s phone to an “assistant” is useful.

Nonetheless, I’m likewise sick of the term APT.