Presentation is loading. Please wait.

Presentation is loading. Please wait.

A quick look into today’s APTs

Published byDustin Byrd Modified over 6 years ago

Similar presentations

Presentation on theme: "A quick look into today’s APTs"— Presentation transcript:

1

2 A quick look into today’s APTs
What is an APT Bogdan BOTEZATU – Senior e-threat analyst, Bitdefender

3 Intro to Targeted Attacks
Pick up an entity to breach – the larger it is, the higher the chances to find out more information Do your homework: what software / hardware are they using. Do they use applications that are known to be vulnerable? Pick an employee as target. And by the way, picking a target is as easy as this:

4 Targeted Attacks

5 If that doesn’t work, target their spouses

6 What makes cyber-criminals worth their while?
Information is power, it brings in intellectual property and allows attackers to PLAN COUNTER-INTELLIGENCE DEFENSE (See the Aurora APT in 2008). To create international incidents on other countries’ expense Create PANIC: why smash a plane into a building, when you can trigger panic by just disconnecting people from the power grid?

7 This is just supposition, right?
1982 – Trans-Siberian gas pipe blown up via SCADA bug 2009 – 2010 – Uranium enrichment facility at Natanz taken out of production via master compromise of SCADA 2007 – 2012 – Flamer subverts isolated networks and exfiltrates data in a manner never seen before. – Red October targets state infrastructures, including Romanian agencies and plants 2012 – MiniDuke – Highly targeted attack to make sure malware does not infect beyond scope or gets analyzed

8 On the bright side… There is no bright side. Period.
Nuclear missiles can’t be launched or controlled via Internet by unauthorized people. Command mechanisms reside in ISOLATED networks. SCADA systems are also isolated from the Internet. This doesn’t mean that the attackers did not manage to take complete control over them. What would happen if FLAMER hit a war control room instead of a power plant?

9 Today’s mantra State agencies can’t safeguard a nation’s security if they can’t protect THEMSELVES

10 Still, it’s not going to happen to us
Please tick the things that apply to your organization: We run a computer network on the premises (Some of) these computers are operated by humans They store information / data that we’d like to keep away from public or that we monetize one way or another. They run an operating system that is not custom-made for our organization

11 Test results The question is not if an attack is going to happen, it’s more when you’re going to detect the attack that is currently ongoing in your organization. Recent history shows that HIGH PROFILE attacks have been going on for more than five years until they were identified. Modern malware is not going to show any infection symptoms. Unless they’re designed to blow up gas pipes. Or sabotage your country’s nuclear program.

12 Now ask yourselves… …How am I contributing to my organization’s compromise by not taking measures? Exposing your employment relationship with the organization I’m straying from security best practices at work. I’m straying from security best practices AT HOME I’m not reporting to IT phishing / malware attacks which I did NOT fall for. Some other users might have fallen for that.

13 Mitigation Tighten security everywhere:
Firewall gateways and isolate exposed services. Run anti-malware / anti-spam solutions on mail servers Enforce policies – DON’T EXPECT THE USER to obey them by themselves (no USB, no Wi-Fi – AT ALL) Don’t allow telecommuting or work from home – Especially if you are a GOV’T agency. Monitor network activity in search of strange patterns. The Twitter connections you see may be C&C traffic. Plan in advance: security is not an afterthought. Minimize exploitation time: patch early or uninstall product.

14 Questions?

15

Download ppt "A quick look into today’s APTs"

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Cyber Security Discussion Craig D’Abreo – VP Security Operations.

Cyber Security Discussion Craig D’Abreo – VP Security Operations.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,

Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
By: Sharad Sharma, Somya Verma, and Taranjit Pabla.

By: Sharad Sharma, Somya Verma, and Taranjit Pabla.
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
1 www.vita.virginia.gov Commonwealth Security Information Resource Center Michael Watson Security Incident Management Director 10/17/2008 www.vita.virginia.gov.

1 Commonwealth Security Information Resource Center Michael Watson Security Incident Management Director 10/17/2008
Nexthink V5 Demo Security – Malicious Anomaly. Situation › Avoid damage resulting from the incident itself and the cost of the unplanned response › Protection.

Nexthink V5 Demo Security – Malicious Anomaly. Situation › Avoid damage resulting from the incident itself and the cost of the unplanned response › Protection.
Module 2.2 1. 2  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.

Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. State of Network Security.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. State of Network Security.
Intro to Computer Security For COP3502, Intro to Computer Science Lecture 1 1.

Intro to Computer Security For COP3502, Intro to Computer Science Lecture 1 1.
CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.

CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.

Similar presentations

Ads by Google