That can be precarious because if a machine is rebooted, the malware will disappear. However, Silva explained, "In a large enterprise, you can often find a server that's on 24 hours a day."
Jon Clay, a senior manager at Trend Micro in Cupertino, Calif., agreed that data bandits are getting more adept at covering their tracks after compromising a system. "The bad guys have added a maintenance phase to allow them to remain persistent a lot longer," he said.
"A lot of that involves cleaning up after they're done with a system," he continued. "As they move from one system to another, they're going to wipe their tracks from a previous machine.
"That's happening on a regular basis," he added.
On the plus side for defenders, awareness of APTs has risen over the last year due to some high-profile incidents -- notably the attacks on major U.S. media outlets -- and comments by high-ranking government officials, including President Barack Obama.
"A year ago, these things were happening and they weren't talked about very much," George Tubin, a senior security strategist with Trusteer in Boston, said in an interview. "Enterprises found compromised computers and would keep quiet about it.
"We still see a lot of that today," he continued, "but more and more institutions are becoming more public when they do discover APTs."
Sign up for CIO Asia eNewsletters.