Which behavior does an advanced persistent threat use to elude detection?

Study for the Palo Alto Networks (PANW) Certified Cybersecurity Entry-level Technician Exam. Review flashcards and multiple choice questions with detailed hints and explanations. Prepare for success on your exam!

Advanced persistent threats (APTs) are known for their stealthy and patient approach to achieving their objectives. A "low and slow" strategy is particularly effective in avoiding detection: the attackers carry out their activities gradually and subtly over an extended period, which minimizes the chance of triggering security alerts or drawing attention to their presence.

By operating slowly, APTs can blend in with normal network traffic and behaviors, making it more difficult for security personnel and automated detection systems to identify malicious activities. This approach allows them to gather data, establish footholds within the network, and move laterally without raising alarms. They might execute tasks like data exfiltration or reconnaissance in small, inconspicuous increments instead of in one large, easily detectable operation.

This method contrasts with tactics that depend on speed or rely heavily on insiders, which are more likely to raise immediate suspicion or trigger alerting mechanisms. The subtlety of the low and slow approach increases the longevity and success rate of APTs in compromising systems and remaining undetected for as long as possible.
