ADVANCED PERSISTENT THREATS (APTs) - Simulation

ADVANCED PERSISTENT THREAT
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. Some common features:
- Targets networks/organizations instead of individuals.
- Uses spear phishing for the initial attack.
- Uses centralized command and control (C&C).
- Communicates through legitimate web services such as cloud storage and social networking sites to hide malicious activity.

APT ATTACK BEHAVIORS
a.) Entering phase:
- Spear phishing: use of either e-mail or a website to redirect the victim to the location of malicious content.
- SQL injection.
- Compromise of a wireless network, which gives a foothold inside the network and makes it easier to identify victims.
b.) On entrance:
- The malicious file is saved on the target host.
- It may be embedded in JPEG or PDF files.
- It may run automatically, or the user must be tricked into running it.
- It communicates with the C&C server as soon as it is executed.

c.) Dominating over the network phase:
- The executable receives commands from the C&C server for further actions.
- It uses HTTP, FTP or DNS for client-server communication to reduce the chance of detection.
- It receives commands to propagate further by forwarding mails or uploading malicious code to shared locations (such as cloud storage).
d.) Achieving desired goals:
- Search for relevant processes.
- Monitor the system for the required information: login credentials and all confidential records.
- Send all the information to the server (exfiltration).
e.) Removing tracks to stay undetected:
- Encrypt the communication with the server, using SSL over HTTP.
- Remove or modify relevant logs which may identify the attack, based on filenames or IP addresses.
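The C&C check-ins described in phase c, seen from the defender's side, as an added example that is not part of the original slides: it scans constructed proxy log lines (the log format, IP addresses and hostnames are assumptions) and flags source/destination pairs whose request spacing is almost constant, the regular polling pattern of an implant waiting for commands over HTTP, while a user's irregular browsing to a site is left alone.

```python
"""Beacon detection over constructed proxy log lines (added example, not from the slides)."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample lines, one request each: "<timestamp> <src_ip> <dst_host> <bytes_out>".
# 10.0.0.5 polls one host every ~5 minutes; 10.0.0.7 browses a site irregularly.
SAMPLE_LOG = """\
2024-01-10T09:00:00 10.0.0.5 update.example-cdn.test 512
2024-01-10T09:05:01 10.0.0.5 update.example-cdn.test 498
2024-01-10T09:10:00 10.0.0.5 update.example-cdn.test 505
2024-01-10T09:15:02 10.0.0.5 update.example-cdn.test 510
2024-01-10T09:20:00 10.0.0.5 update.example-cdn.test 501
2024-01-10T09:25:01 10.0.0.5 update.example-cdn.test 499
2024-01-10T09:01:13 10.0.0.7 www.news.test 2048
2024-01-10T09:03:40 10.0.0.7 www.news.test 1200
2024-01-10T09:17:05 10.0.0.7 www.news.test 3300
2024-01-10T09:41:59 10.0.0.7 www.news.test 900
2024-01-10T09:44:02 10.0.0.7 www.news.test 1500
2024-01-10T09:44:30 10.0.0.7 www.news.test 700
"""


def parse_line(line):
    ts, src, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return {(src, dst): (mean_interval_s, cv)} for pairs whose inter-request
    gaps are nearly constant (coefficient of variation <= max_cv), which is
    how a scheduled C&C check-in looks in proxy logs."""
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        ts, src, dst, _ = parse_line(line)
        by_pair[(src, dst)].append(ts)
    hits = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:          # too few requests to judge regularity
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_cv:
            hits[pair] = (round(mean), round(cv, 3))
    return hits


if __name__ == "__main__":
    for (src, dst), (interval, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} every ~{interval}s (cv={cv})")
```

In production the same check runs per day over proxy or DNS query logs, with the thresholds tuned so that legitimate pollers (update checks, monitoring agents) are allow-listed rather than flagged.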

CONCLUSION
An APT is more advanced in that it stays undetected for a long period of time. Detection is difficult mainly because the persistent, silent monitoring triggers very few observable event changes. Even once an attack is detected, identifying the real source or root cause remains a challenge because so much time has already elapsed.