Attackers behind many of the so-called advanced persistent threats are known for targeting specific organizations, infiltrating them and remaining stealthy for lengthy periods of time. But cybercriminals, even those backed by powerful nation-states, often use fairly common hacking techniques and less sophisticated methods to gain initial access to systems and steal data.
"More often than not, these efforts follow a path of least resistance and rely on simpler, tried-and-true methods rather than zero-day attacks and sophisticated malware," wrote Leslie Horacek, who authored the IBM X-Force Trend and Risk Report. "Advanced persistent threats, while persistent, did not always use advanced technical approaches such as zero-day exploits and self-modifying malware."
Post a comment to the original version of this story on CRN