PrepAway - Latest Free Exam Questions & Answers

Which of the following is this an example of?

After analyzing and correlating activity from multiple sensors, the security administrator has determined
that a group of very well organized individuals from an enemy country is responsible for various attempts
to breach the company network, through the use of very sophisticated and targeted attacks. Which of the
following is this an example of?


A. Privilege escalation

B. Advanced persistent threat

C. Malicious insider threat

D. Spear phishing

Explanation:
Definitions of precisely what an APT is can vary widely, but can best be summarized by their named
requirements:
Advanced – Criminal operators behind the threat utilize the full spectrum of computer intrusion
technologies and techniques. While individual components of the attack may not be classed as
particularly “advanced” (e.g. malware components generated from commonly available DIY construction
kits, or the use of easily procured exploit materials), their operators can typically access and develop
more advanced tools as required. They combine multiple attack methodologies and tools in order to
reach and compromise their target.
Persistent – Criminal operators give priority to a specific task, rather than opportunistically seeking
immediate financial gain. This distinction implies that the attackers are guided by external entities. The
attack is conducted through continuous monitoring and interaction in order to achieve the defined
objectives. It does not mean a barrage of constant attacks and malware updates. In fact, a “low-and-slow”
approach is usually more successful.
Threat – means that there is a level of coordinated human involvement in the attack, rather than a
mindless and automated piece of code. The criminal operators have a specific objective and are skilled,
motivated, organized and well funded.
Incorrect Answers:
A: Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating
system or software application to gain elevated access to resources that are normally protected from an
application or user. The attack described in the question is not an example of privilege escalation.
C: A malicious insider threat, as the name suggests, is carried out by an insider. In this question, the
attackers are in an enemy country.
D: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking
unauthorized access to confidential data. As with the e-mail messages used in regular phishing
expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually
appear to come from a large and well-known company or Web site with a broad membership base, such
as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be
an individual within the recipient’s own company and generally someone in a position of authority. The
attack described in the question is not an example of spear phishing.
https://www.damballa.com/advanced-persistent-threats-a-brief-description/
http://searchsecurity.techtarget.com/definition/spear-phishing

