Targeted Cyberattacks: A Superset of Advanced Persistent Threats. Published in: IEEE Security & Privacy, Volume 11, Issue 1, Jan.-Feb. 2013, pp. 54-61.

Targeted Cyberattacks: A Superset of Advanced Persistent Threats
Published in: IEEE Security & Privacy, Volume 11, Issue 1, Jan.-Feb. 2013
Author(s): Sood, A.K. and Enbody, R.J., Michigan State University, East Lansing, MI, USA

Outline
- Terms: cyberattack, advanced persistent threat
- APT events ( )
- The targeted attack model: intelligence gathering, threat modeling, attacking and exploiting targets
- Conclusion
- Reference

Terms
- Cyberattack: a cyberattack is the deliberate exploitation of computer systems, technology-dependent enterprises and networks.
- Advanced persistent threat: these attacks aren't necessarily more advanced than others; they persist in the face of adversity instead of moving on to weaker targets.

APT events
- GhostNet was found by the SecDev Group; it used the gh0st RAT.
- Operation Aurora exploited a "use after free" vulnerability in Internet Explorer that resulted in HTML object memory corruption: the attacker's code is placed in the freed memory, without any reallocation, by creating a new object there, and the stale reference to the old object then executes that code to gain a shell.
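The mechanism the Aurora bullet describes (a freed object's memory is reoccupied by a new object, and a reference that was never cleared then reads the new object's contents as if it were the old one) is easier to see in a small, deterministic program. The following is an added example and is not code from the paper or from the presentation; the `dom_object` type, the `handler_id` field, the fixed-slot `slab_alloc`/`slab_free` allocator that stands in for the browser heap, and the `0xDEADBEEF` value are all constructed for illustration. The stale-reference version is shown next to a hardened version that clears the reference when the object is released, which is the defensive pattern that closes this class of bug.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-slot allocator standing in for the browser
 * heap. A freed slot is handed straight back to the next allocation of the
 * same size, which is the heap behaviour a use-after-free relies on (real
 * allocators typically do the same for same-sized requests). */
#define SLOT_COUNT 4

typedef struct {
    uint32_t kind;        /* hypothetical object type tag */
    uint32_t handler_id;  /* index of the routine the object dispatches to */
    char     name[24];
} dom_object;

static dom_object slots[SLOT_COUNT];
static int slot_in_use[SLOT_COUNT];

static dom_object *slab_alloc(void) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (!slot_in_use[i]) {
            slot_in_use[i] = 1;
            memset(&slots[i], 0, sizeof slots[i]);
            return &slots[i];
        }
    }
    return NULL;
}

static void slab_free(dom_object *p) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (&slots[i] == p) slot_in_use[i] = 0;
    }
}

/* The defective pattern: the object is released, but the reference is kept
 * and used afterwards. Returns the handler_id the stale reference observes. */
uint32_t stale_reference_observes(void) {
    dom_object *button = slab_alloc();
    button->kind = 1;
    button->handler_id = 100;             /* legitimate handler */
    strcpy(button->name, "button");

    slab_free(button);                    /* released: 'button' now dangles */

    dom_object *injected = slab_alloc();  /* lands in the slot just freed */
    injected->kind = 2;
    injected->handler_id = 0xDEADBEEF;    /* constructed attacker-chosen value */
    strcpy(injected->name, "new object");

    /* Dispatching via the stale reference picks up the new object's data. */
    uint32_t observed = button->handler_id;
    slab_free(injected);
    return observed;                      /* 0xDEADBEEF, not 100 */
}

/* Hardened pattern: clear the reference on release and refuse to dispatch
 * through a cleared reference. */
static void release(dom_object **ref) {
    slab_free(*ref);
    *ref = NULL;
}

/* Returns the handler_id actually used, or 0 if no dispatch happened. */
uint32_t hardened_observes(void) {
    dom_object *button = slab_alloc();
    button->kind = 1;
    button->handler_id = 100;
    strcpy(button->name, "button");

    release(&button);                     /* reference cleared with the free */

    dom_object *injected = slab_alloc();
    injected->handler_id = 0xDEADBEEF;

    uint32_t observed = 0;
    if (button != NULL)                   /* never true after release() */
        observed = button->handler_id;
    slab_free(injected);
    return observed;                      /* 0: nothing dispatched through freed memory */
}

/* Confirms the allocator property the demo depends on: a freed slot is
 * returned by the very next allocation. Returns 1 if so. */
int freed_slot_is_reused(void) {
    dom_object *a = slab_alloc();
    slab_free(a);
    dom_object *b = slab_alloc();
    int reused = (a == b);
    slab_free(b);
    return reused;
}

int main(void) {
    printf("stale reference sees handler 0x%x (legitimate handler was 100)\n",
           stale_reference_observes());
    printf("hardened path dispatches handler %u (0 means none)\n",
           hardened_observes());
    return 0;
}
```

The toy allocator makes the reuse deterministic so the effect is reproducible; on a real heap the same-size reuse is what an attacker arranges deliberately, and the defensive takeaway is the same: a reference must not outlive the object it points to, and a cleared reference must be checked before use.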

APT events
- A Border Gateway Protocol (BGP) router in China sent erroneous traffic that updated the routing tables of several routers across the world.
- Stuxnet: a computer worm discovered in June. Attributed to the US and Israel, it was designed to exploit Siemens programmable logic controllers in SCADA networks with the ultimate goal of destroying centrifuges used to process nuclear material.

The targeted attack model
Intelligence gathering
- Open source intelligence (OSINT) gathering is the process of collecting intelligence from public or openly available resources.
- In passive mode, no actual interaction (traffic) takes place with the target.
- In semipassive mode, attackers use generic information-gathering methods that generate normal traffic without raising suspicion, such as DNS queries or WHOIS lookups.
Threat modeling
- Mapping the target environment and categorizing assets, based on their importance and value, into primary and secondary targets.
- Assessing risks and threats to determine which domains are most likely to reveal the attack and which domains might invite retaliation.

The targeted attack model (cont'd)

Attacking and exploiting targets
- Drive-by downloads and spear phishing.
- Exploiting Web infrastructure.
- Exploiting co-location services.
- Physical attacks.

Elements of targeted attacks
- Malware infection frameworks
- Browser exploit packs and Glype proxies
- RATs and rootkits
- Morphing and obfuscation toolkits
- Interface with an underground market

Preventive and precautionary measures

Conclusion

Reference