Advanced Persistent Threats (APT) Sasha Browning.

Presentation transcript:

Advanced Persistent Threats (APT) Sasha Browning

Breakdown
Advanced – Combination of attack methods and tools
Persistent – Continuous monitoring and interaction; “low-and-slow” approach
Threat – Attacker is skilled, motivated, organized and well funded

What is an APT?
Definition – Sophisticated attack that tries to access and steal information from computers
Requirement – Remain invisible for as long as possible

Why are APTs Important?
Then
– Just because
– Demonstrate their skills
Now
– Attacks have evolved
– Specific targets
– Intend to maintain a long-term presence

Problem with APTs
File size is small
File names don’t raise any red flags
Almost always successful
Undetectable until it’s too late
More frequent
No one is immune

Targets
.mil and .gov sites
Department of Defense contractors
Infrastructure companies – power and water
CEOs or leaders of powerful enterprises or gov. agencies

Stages of an APT Attack
1. Reconnaissance
2. Intrusion into the network
3. Establishing a backdoor
4. Obtaining user credentials
5. Installing multiple utilities
6. Data exfiltration
7. Maintaining persistence

Step 1: Reconnaissance
Research and identify targets
– Using public search or other methods
Obtain email addresses or IM handles

Step 2: Intrusion into the Network
Spear-phishing emails
– Target specific people
– Spoofed emails include malicious links or attachments
Infect the employee’s machine
Gives the attacker a foot in the door

Step 3: Establishing a Backdoor
Try to obtain domain admin credentials
– Grab password hashes from network DCs
Decrypt credentials to gain elevated user privileges
Move within the network
– Install backdoors here and there
– Typically install malware

Step 4: Obtaining User Credentials
Use valid user credentials
Average of 40 systems accessed using these credentials
Most common type of credentials:
– Domain admin

Step 5: Installing Multiple Utilities
Utility programs conduct system administration tasks:
– Installing backdoors
– Grabbing passwords
– Getting emails
Typically found on systems without backdoors

Step 6: Data Exfiltration
Grab emails, attachments, and files
Funnel the stolen data to staging servers
– Encrypt and compress
– Delete the compressed

Step 7: Maintaining Persistence
Use any and all methods
Revamp malware if needed
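Step 4 notes that a single set of valid credentials is typically reused against dozens of systems (the slides cite an average of 40). The following detection logic, added here as an example and not part of the presentation, flags that fan-out pattern from constructed logon events. The log tuple layout, the ADMIN_ACCOUNTS set, the "WS-" workstation naming convention and the low threshold of 5 hosts are all assumptions chosen to fit the tiny sample.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed logon events: (timestamp, account, source host, destination host).
# Sample data made up for this example, not from the presentation.
LOGONS = [
    ("2024-03-01 09:00:00", "alice", "WS-12", "FILESRV-01"),
    ("2024-03-01 09:05:00", "alice", "WS-12", "MAIL-01"),
    ("2024-03-01 02:10:00", "svc_backup", "WS-44", "DC-01"),
    ("2024-03-01 02:11:00", "svc_backup", "WS-44", "FILESRV-01"),
    ("2024-03-01 02:12:00", "svc_backup", "WS-44", "FILESRV-02"),
    ("2024-03-01 02:13:00", "svc_backup", "WS-44", "HR-DB-01"),
    ("2024-03-01 02:14:00", "svc_backup", "WS-44", "WS-07"),
    ("2024-03-01 02:15:00", "svc_backup", "WS-44", "WS-09"),
]
# Accounts holding domain-admin rights (assumed list for the example).
ADMIN_ACCOUNTS = {"svc_backup"}

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def flag_fan_out(events, window=timedelta(hours=1), max_hosts=5):
    """Accounts that reached more than max_hosts distinct destination hosts
    within any sliding time window: one valid credential, many systems."""
    by_account = defaultdict(list)
    for ts, account, _src, dst in events:
        by_account[account].append((parse_ts(ts), dst))
    flagged = {}
    for account, evs in by_account.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            hosts = {dst for _, dst in evs[start:end + 1]}
            if len(hosts) > max_hosts:
                flagged[account] = sorted(hosts)
                break
    return flagged

def admin_logons_to_workstations(events, admins=ADMIN_ACCOUNTS):
    """Privileged accounts reaching workstations ("WS-" prefix is the naming
    convention assumed here) rather than servers: a classic lateral-movement tell."""
    return sorted({(acct, dst) for _ts, acct, _src, dst in events
                   if acct in admins and dst.startswith("WS-")})
```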

Problems with APTs
Self-destructing malware
– Erases itself if it fails to reach its destination
Nobody monitors outbound traffic
– Can look legitimate
Sniffers
– Dynamically create credentials to mimic communication

Disguising Activity
Process injections
– Introduce malicious code into a trusted process
– Conceals malicious activity
Stub malware
– Code with only minimal functionality
– Remotely add new capabilities
– Runs in the network’s virtual memory

Stopping APTs
Weakness – Interactive access
Solution
– Find the link between you and the attacker
– Block it
Afterwards
– Attacker will have to re-infect a new host
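The "Problems with APTs" slide says nobody monitors outbound traffic, and "Stopping APTs" says the fix is to find the interactive link to the attacker and block it. The code below, an added example and not material from the presentation, does the finding: it scans a constructed outbound connection log for the low-and-slow beacon pattern (a host contacting one destination at nearly constant intervals) and returns the destinations to block. The log format, the IP addresses and the jitter threshold are assumptions made for the example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed outbound connection log: "timestamp src dst dst_port bytes_out".
# Made up for this example; 203.0.113.10 is checked in every ~10 minutes.
OUTBOUND_LOG = """\
2024-03-01T10:00:00 10.0.5.21 203.0.113.10 443 512
2024-03-01T10:00:07 10.0.5.21 198.51.100.7 443 20480
2024-03-01T10:10:01 10.0.5.21 203.0.113.10 443 498
2024-03-01T10:20:00 10.0.5.21 203.0.113.10 443 520
2024-03-01T10:25:40 10.0.5.21 198.51.100.7 443 1500
2024-03-01T10:30:02 10.0.5.21 203.0.113.10 443 505
2024-03-01T10:39:59 10.0.5.21 203.0.113.10 443 511
2024-03-01T10:50:00 10.0.5.21 203.0.113.10 443 503
"""

def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, src, dst, port, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)))
    return events

def find_beacons(events, min_conns=5, max_jitter=0.05):
    """Return {(src, dst): (mean_interval_s, jitter, total_bytes)} for pairs whose
    inter-connection gaps are nearly constant. Jitter is the coefficient of
    variation of the gaps; real browsing is bursty and scores far above 0.05."""
    by_pair = defaultdict(list)
    for ts, src, dst, _port, nbytes in events:
        by_pair[(src, dst)].append((ts, nbytes))
    beacons = {}
    for pair, evs in by_pair.items():
        if len(evs) < min_conns:
            continue  # too few samples to judge periodicity
        evs.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(evs, evs[1:])]
        mean = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean else 0.0
        if jitter <= max_jitter:
            beacons[pair] = (round(mean), round(jitter, 3), sum(n for _, n in evs))
    return beacons

def destinations_to_block(beacons):
    """The 'block it' step: the external endpoints of the detected links."""
    return sorted({dst for _src, dst in beacons})
```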

Summary
Targets are carefully selected
Persistent
– Will not leave
– Changes strategy/attack
Control focused
– Not financially driven
– Crucial information
It’s automated, but on a small scale
– Targets a few people

Questions

Sources
Wired
Dark Reading
Damballa