· Essentially, suspicious emails can be the strongest warning signal, so monitoring email activity, suspicious messages and downloads can help detect APTs.
· Abnormal network behavior, judged by protocol usage, applications, traffic volume and user behavior, also helps identify a possible attack.
· Malware can be identified in common file formats such as PDF, HTML and GIF. Being able to detect malware shellcode in these malicious files effectively helps in finding APTs.
· IP addresses, websites, files and email servers that have a history of malicious activity are often associated with such attacks in the future as well. Scrutinizing a connection's reputation, or an unreliable source, can therefore provide ample information for Advanced Persistent Threat detection.
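
The network-behavior and reputation checks above, combined in one pass over flow records, as an added example that is not from the original page. The flow records, host names, reputation list and the 3.5 cutoff on the modified z-score are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records: (day, host, destination, protocol, bytes_out)
FLOWS = [(d, "ws-01", "198.51.100.10", "https", b)
         for d, b in [(1, 1000), (2, 1100), (3, 900), (4, 1050), (5, 1000)]]
FLOWS += [(d, "ws-02", "198.51.100.10", "https", b)
          for d, b in [(1, 2000), (2, 2100), (3, 1900), (4, 2050)]]
FLOWS.append((5, "ws-02", "203.0.113.50", "dns", 90000))
BAD_REPUTATION = {"203.0.113.50"}  # constructed reputation list

def robust_score(history, value):
    """Modified z-score of value against history, using median and MAD."""
    med = median(history)
    # Fall back to 1.0 so a perfectly flat baseline does not divide by zero.
    mad = median(abs(x - med) for x in history) or 1.0
    return 0.6745 * (value - med) / mad

def analyse(flows, bad_destinations, today, threshold=3.5):
    """Return sorted (host, finding, detail) tuples for today's flows."""
    daily = defaultdict(lambda: defaultdict(int))  # host -> day -> bytes out
    seen_protocols = defaultdict(set)              # host -> protocols before today
    for day, host, _dest, proto, nbytes in flows:
        daily[host][day] += nbytes
        if day < today:
            seen_protocols[host].add(proto)
    findings = set()
    for day, host, dest, proto, _nbytes in flows:
        if day != today:
            continue
        if dest in bad_destinations:               # connection reputation
            findings.add((host, "reputation", dest))
        if proto not in seen_protocols[host]:      # unusual protocol usage
            findings.add((host, "new-protocol", proto))
    for host, per_day in daily.items():            # unusual traffic volume
        history = [v for d, v in per_day.items() if d < today]
        if len(history) >= 3 and today in per_day:
            if robust_score(history, per_day[today]) > threshold:
                findings.add((host, "volume", per_day[today]))
    return sorted(findings, key=lambda f: (f[0], f[1], str(f[2])))

if __name__ == "__main__":
    for finding in analyse(FLOWS, BAD_REPUTATION, today=5):
        print(finding)
```

Each host is compared with its own history rather than a global average, so a workstation that is normally quiet is flagged at a volume that would be routine for a file server.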