Advanced Persistent Threats (APT): evolution, anatomy, attribution and countermeasures

Gupta, B B, Sharma, Amit, Saraswat, V. K. and Singh, Awadhesh Kumar. Advanced Persistent Threats (APT): evolution, anatomy, attribution and countermeasures. Journal of Ambient Intelligence and Humanized Computing. ISSN 1868-5137

Full text not available from this repository.

Abstract

In today’s cyber warfare realm, every stakeholder in cyberspace is becoming more potent by developing advanced cyber weapons. They are equipped with the most advanced malware and maintain a hidden attribution. The precocious cyber weapons that are targeted and motivated by a specific intention are called Advanced Persistent Threats (APT). Developing defense mechanisms and performing attribution analysis of such advanced attacks is extremely difficult due to the intricate design of the attack vector and the sophisticated malware employed, with high stealth and evasive techniques. These attacks also include advanced zero-day and negative-day exploits and payloads. This paper provides a comprehensive survey of the evolution of advanced malware design paradigms, the APT attack vector and its anatomy, APT attack Tactics, Techniques, and Procedures (TTP), and specific case studies on open-ended APT attacks. The survey covers a detailed discussion of APT attack phases and a comparative study of threat life-cycle specifications by various organizations. This work also addresses APT attack attribution and countermeasures against these attacks, from classical signature- and heuristic-based detection to modern machine learning and genetics-based detection mechanisms, along with sophisticated zero-day and negative-day malware countermeasures using various techniques such as monitoring of network traffic and DNS logs, moving-target-based defense, and attack-graph-based defenses. Furthermore, the survey addresses various research scopes in the domain of APT cyber-attacks.

Affiliation: Skyline University College
SUC Author(s): Gupta, B B
All Author(s): Gupta, B B, Sharma, Amit, Saraswat, V. K. and Singh, Awadhesh Kumar
Item Type: Article
Subjects: B Information Technology > BM Artificial Intelligence
B Information Technology > BV Cloud Computing
Divisions: Skyline University College > School of IT
Depositing User: Mr Mosys Team
Date Deposited: 18 Dec 2023 16:01
Last Modified: 18 Dec 2023 16:01
URI: https://research.skylineuniversity.ac.ae/id/eprint/707
Publisher URL:
Publisher OA policy: https://v2.sherpa.ac.uk/id/publication/8052
Related URLs:
