SlideShare une entreprise Scribd logo

Cyber-Espionage: Understanding the Advanced Threat Landscape

Télécharger en tant que PPTX, PDF
Aaron White
Aaron White

Sophisticated cyber espionage operations currently present the biggest threat to small and medium sized businesses. Advanced persistent threats (APTs) ranging from nation-states to organized crime use zero-day exploits, customized malware, and social engineering to infiltrate networks, remain undetected for long periods, and steal valuable data. This presentation aims to explain APT attacks and provide recommendations on prevention, detection, and mitigation. It describes the typical four stages of an APT attack - reconnaissance, intrusion and infection, lateral movement within the network, and data exfiltration - and challenges of implementing security information and event management systems to detect such threats. Managed security services that provide 24/7 monitoring, threat analysis and response

Technologie
1  sur  20
Cyber-Espionage Understanding the Advanced Threat Landscape
Introduction Sophisticated cyber-espionage operations aimed at stealing trade secrets and other sensitive data from corporate networks currently present the biggest threat to small and medium sized businesses.
The Threat Advanced threat actors ranging from nation-state adversaries to organized cyber- crime gangs are using zero-day exploits, customized malware toolkits, and clever social engineering tricks to break into corporate networks, avoid detection, and steal valuable information over an extended period of time.
Objectives of This Presentation • Cut through some of the hype surrounding Advanced Persistent Threats (APTs). • Explain the intricacies of these attacks. • Present recommendations to help you improve your security position through: – Prevention – Detection – Mitigation
Advanced Persistent Threat (APT) A computer network attack that allows an adversary (usually a highly skilled and well- funded hacking group) to gain access to a network and stay there undetected over an extended period.
How It Works • Threat actors use a mix of one or more of the following to hack into computer systems: – Spear-phishing attacks – Zero-day exploits – SQL-injection techniques – Customized malware – Drive-by downloads – Clever social engineering • Once a machine is compromised, APT groups use sophisticated network tools to burrow deep into a corporate network. They maintain persistence over a period of time before finding valuable data to hijack and transmit to command-and-control servers around the world.
Example Successful Attacks • Lockheed Martin • SONY • Google • Adobe It’s important for businesses of every size to understand that the tools and capabilities used by well-funded APT groups are being used by cyber- criminal gangs. The majority of these network breaches are never publicly reported.
The 4 Stages of an APT Reconnaissance • Scoping out a specific target and preparing an attack. Intrusion and Infection • Distributing malware via spear-phishing or drive-by downloads. Lateral Movement • Tunneling through the infected network with password crackers and privilege escalation exploits. Data Exfiltration • Harvesting ‘interesting’ and valuable data for upload to command-and-control servers controlled by attack group.
Stage 1: Reconnaissance This is the preparation phase. • Collection of information on specific targets. – Using social networks like LinkedIn, Facebook and Twitter. – Purpose is to collect e-mail addresses, phone numbers, and business contacts. • Collection of information on the systems. – Type of operating system used. – Type(s) of anti-malware, or other anti-virus software running. – Data on unpatched third-party desktop software. • Gather intelligence on security controls. – To help build bypass and evasion tools.
Stage 2: Intrusion and Infection Using the information collected during Stage 1, the attackers create and deploy custom malware to the target. Spear- phishing E-mails that include a link to a malicious website or an e-mail attachment that is booby-trapped. Cyber-thieves typically modify legitimate documents from a targeted organization, and spoof the sender of the e-mail to look like it was sent by a work colleague.
Stage 2: Intrusion and Infection Other examples of tactics used include: Drive-by Downloads • If a user clicks on a link and visits a malicious website, a drive-by download occurs and the initial intrusion is successful. In cases where malicious attachments are used, a Word Doc or an Adobe PDF file can be rigged with exploits to ensure an infection. Watering Holes • The infection of websites that the targets already visit. Usually based on a group exploit. Man-In-The-Middle Attacks • When the communication between two targets is high-jacked and altered, with the targets thinking they are still talking to each other.
Stage 3: Lateral Movement The attackers now have control of the machine that was initially infected. However, the core of an APT attack is the ability to move laterally within a network. Using these specialized attack tools, the attackers gain access to additional machines and hijack authentication data that allows them to burrow deeper into the network. In most cases, the attacker is looking for a domain administrator account. How? Why? By downloading additional malware to the infected machine in the form of rootkits, network backdoors, password-cracking utilities, Remote Access Trojans (RATs), and privilege escalation exploits. To expand the access to the compromised network and maintain stealthy persistence for a long period of time.
On average, according to data from the Ponemon Institute, it took about 170 days to detect APTs launched by an organization. In some cases, attack groups can remain undetected for years.
Stage 4: Data Exfiltration The next stage includes stealing and transmitting the stolen data. In most cases, the attackers hijack everything from the network that might be of interest. • Stolen data typically includes Microsoft documents (Word, Excel, and PowerPoint), e-mail databases, and user accounts found on the network. • One approach is to use custom tools to harvest data based on file extensions; .doc, .xls, .ppt, and .pdf are the most popular. This data is then encrypted and transmitted to command-and- control servers for later retrieval by the attack groups.
Alex Stamos CISO, Yahoo! “For the most part, the security vendors I meet believe that IT departments want to run another agent on their Windows laptops, that production engineers are willing to put a cheap Lintel [Linux on Intel] 1U security device in their critical path, and that every company's security team is staffed like a Top- 5 bank. These assumptions are not true. Companies across the world are waking up to the fact that their security posture is insufficient to fend off the threats that breached Sony, Anthem and JPMC . . .” - From an April 1, 2015 article in SC Magazine entitled “The Failure of the Security Industry.”
A Solution Using SIEM Technology Many organizations are turning to SIEM (Security Information and Event Management) technology to identify security incidents. SIEM correlation rulesets must be honed and fine-tuned over a long period to ensure maximum detection and minimal false positives. Once up and running, SIEM products do a great job of aggregating this log data. However, in addition to being expensive, they still rely on in-house security expertise to know what to do if an incident occurs.
The Best Strategy A proper detection, remediation and mitigation plan should include the following: 24/7 Cyber-threat Detection This can be used to identify potential security breaches through intelligent correlation of various log and performance streams. Vast amounts of machine data can be converted into potential security alerts. Security Alert Assessments In addition to threat detection, businesses should consider tools to analyze and prioritize security alerts to actionable incidents. This helps to reduce false alarms and ensure resources are properly assigned to deal with threats. 24/7 Incident Response Create and implement round-the-clock incident response capabilities. Network administrators should have access to specialized security professionals for complex breaches. An on-call incident response team can provide support and guidance on how to best mitigate and remediate issues as they occur.
Reality: Implementing SIEM These are some of the challenges in implementing SIEM for your business: • 24/7 monitoring of log, performance and configuration data. • The cost is very high, configuration is complex and rulesets take significant time to fine-tune. • Building the infrastructure. • Staffing a SOC (Security Operations Center) with experienced workers 24/7/365. – IT security monitoring is potentially 99% sitting and waiting for an incident, and 1% remediation. How do you keep a highly skilled (and often, highly paid) worker happy when most of their job isn’t doing what they’re trained to do? For this reason, many businesses are turning to Managed Service Providers to manage their security strategy, and perform these advanced services. This market is expected to grow at 45% over the next 5 years.
Help Has Arrived eSOZO understands these challenges! • Our single goal is ensuring the utmost in protection around the clock, and at the same time, assist businesses in their regulatory compliance efforts. • Our continuous cyber-threat monitoring services help to reduce risk and aid in compliance by collecting real-time log, performance, and configuration data from the devices on a network, 24/7. • Then, advanced cloud-based SIEM technology is applied to identify threats and suspicious activity. • Within a state-of-the-art SOC, Advanced Security Engineers will evaluate each alert, eliminate false positives, investigate security incidents, and respond to cyber-threats targeting your organization. It’s this highly-skilled “human element” that is often missing from other providers’ solutions.
Contact us today for a free consultation on 24/7 cyber- threat monitoring, threat analysis, and response services. eSOZO Computer & Network Services 200 Route 31, Suite 202 • Flemington, NJ 08822 888-376-9648 • info@esozo.com

Recommandé

Cyber espionage
Cyber espionageCyber espionage
Cyber espionage
harshitakhandelwal26
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Social engineering
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Sharath Raj
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Marlabs
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Vansh Verma
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 

Recommandé

Cyber espionage
Cyber espionageCyber espionage
Cyber espionage
harshitakhandelwal26
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Social engineering
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Sharath Raj
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Marlabs
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Vansh Verma
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)
Molfar
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
ADGP, Public Grivences, Bangalore
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
Deepak Pareek
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
Paige Rasid
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Ncell
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
SpencerBurton8
 
Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentation
merlyna
 
Cyber security
Cyber securityCyber security
Cyber security
Pihu Goel
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
arohan6
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptx
Skippedltd
 
Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Dipesh Waghela
 
Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber security
Avani Patel
 
Information security
Information securityInformation security
Information security
linalona515
 
Cyber attack
Cyber attackCyber attack
Cyber attack
Manjushree Mashal
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
ABHAY PATHAK
 
Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defense
fantaghost
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
WindstoneHealth
 
Cyber security
Cyber securityCyber security
Cyber security
Sabir Raja
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
Quick Heal Technologies Ltd.
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
Simone Onofri
 

Contenu connexe

Tendances

Tendances (20)

What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)What is Open Source Intelligence (OSINT)
What is Open Source Intelligence (OSINT)
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentation
 
Cyber security
Cyber securityCyber security
Cyber security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptx
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber security
 
Information security
Information securityInformation security
Information security
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
 
Cyber threats landscape and defense
Cyber threats landscape and defenseCyber threats landscape and defense
Cyber threats landscape and defense
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Cyber security
Cyber securityCyber security
Cyber security
 

Similaire à Cyber-Espionage: Understanding the Advanced Threat Landscape

Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01
rajkumar jonuboyena
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
Ken Flott
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
amrutharam
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
Norm Barber
 
Threat Lifecycle Management_Whitepaper
Threat Lifecycle Management_WhitepaperThreat Lifecycle Management_Whitepaper
Threat Lifecycle Management_Whitepaper
Duncan Hart
 

Similaire à Cyber-Espionage: Understanding the Advanced Threat Landscape (20)

Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01
 
M1_Introduction_IPS.pptx
M1_Introduction_IPS.pptxM1_Introduction_IPS.pptx
M1_Introduction_IPS.pptx
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVault
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...
Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...
Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...
 
Challenges 14 security (1).pdf
Challenges 14 security (1).pdfChallenges 14 security (1).pdf
Challenges 14 security (1).pdf
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crime
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataLaw Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
 
Threat Lifecycle Management_Whitepaper
Threat Lifecycle Management_WhitepaperThreat Lifecycle Management_Whitepaper
Threat Lifecycle Management_Whitepaper
 

Dernier

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Dernier (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

Cyber-Espionage: Understanding the Advanced Threat Landscape

  • 2. Introduction Sophisticated cyber-espionage operations aimed at stealing trade secrets and other sensitive data from corporate networks currently present the biggest threat to small and medium sized businesses.
  • 3. The Threat Advanced threat actors ranging from nation-state adversaries to organized cyber- crime gangs are using zero-day exploits, customized malware toolkits, and clever social engineering tricks to break into corporate networks, avoid detection, and steal valuable information over an extended period of time.
  • 4. Objectives of This Presentation • Cut through some of the hype surrounding Advanced Persistent Threats (APTs). • Explain the intricacies of these attacks. • Present recommendations to help you improve your security position through: – Prevention – Detection – Mitigation
  • 5. Advanced Persistent Threat (APT) A computer network attack that allows an adversary (usually a highly skilled and well- funded hacking group) to gain access to a network and stay there undetected over an extended period.
  • 6. How It Works • Threat actors use a mix of one or more of the following to hack into computer systems: – Spear-phishing attacks – Zero-day exploits – SQL-injection techniques – Customized malware – Drive-by downloads – Clever social engineering • Once a machine is compromised, APT groups use sophisticated network tools to burrow deep into a corporate network. They maintain persistence over a period of time before finding valuable data to hijack and transmit to command-and-control servers around the world.
  • 7. Example Successful Attacks • Lockheed Martin • SONY • Google • Adobe It’s important for businesses of every size to understand that the tools and capabilities used by well-funded APT groups are being used by cyber- criminal gangs. The majority of these network breaches are never publicly reported.
  • 8. The 4 Stages of an APT Reconnaissance • Scoping out a specific target and preparing an attack. Intrusion and Infection • Distributing malware via spear-phishing or drive-by downloads. Lateral Movement • Tunneling through the infected network with password crackers and privilege escalation exploits. Data Exfiltration • Harvesting ‘interesting’ and valuable data for upload to command-and-control servers controlled by attack group.
  • 9. Stage 1: Reconnaissance This is the preparation phase. • Collection of information on specific targets. – Using social networks like LinkedIn, Facebook and Twitter. – Purpose is to collect e-mail addresses, phone numbers, and business contacts. • Collection of information on the systems. – Type of operating system used. – Type(s) of anti-malware, or other anti-virus software running. – Data on unpatched third-party desktop software. • Gather intelligence on security controls. – To help build bypass and evasion tools.
  • 10. Stage 2: Intrusion and Infection Using the information collected during Stage 1, the attackers create and deploy custom malware to the target. Spear- phishing E-mails that include a link to a malicious website or an e-mail attachment that is booby-trapped. Cyber-thieves typically modify legitimate documents from a targeted organization, and spoof the sender of the e-mail to look like it was sent by a work colleague.
  • 11. Stage 2: Intrusion and Infection Other examples of tactics used include: Drive-by Downloads • If a user clicks on a link and visits a malicious website, a drive-by download occurs and the initial intrusion is successful. In cases where malicious attachments are used, a Word Doc or an Adobe PDF file can be rigged with exploits to ensure an infection. Watering Holes • The infection of websites that the targets already visit. Usually based on a group exploit. Man-In-The-Middle Attacks • When the communication between two targets is high-jacked and altered, with the targets thinking they are still talking to each other.
  • 12. Stage 3: Lateral Movement The attackers now have control of the machine that was initially infected. However, the core of an APT attack is the ability to move laterally within a network. Using these specialized attack tools, the attackers gain access to additional machines and hijack authentication data that allows them to burrow deeper into the network. In most cases, the attacker is looking for a domain administrator account. How? Why? By downloading additional malware to the infected machine in the form of rootkits, network backdoors, password-cracking utilities, Remote Access Trojans (RATs), and privilege escalation exploits. To expand the access to the compromised network and maintain stealthy persistence for a long period of time.
  • 13. On average, according to data from the Ponemon Institute, it took about 170 days to detect APTs launched by an organization. In some cases, attack groups can remain undetected for years.
  • 14. Stage 4: Data Exfiltration The next stage includes stealing and transmitting the stolen data. In most cases, the attackers hijack everything from the network that might be of interest. • Stolen data typically includes Microsoft documents (Word, Excel, and PowerPoint), e-mail databases, and user accounts found on the network. • One approach is to use custom tools to harvest data based on file extensions; .doc, .xls, .ppt, and .pdf are the most popular. This data is then encrypted and transmitted to command-and- control servers for later retrieval by the attack groups.
  • 15. Alex Stamos CISO, Yahoo! “For the most part, the security vendors I meet believe that IT departments want to run another agent on their Windows laptops, that production engineers are willing to put a cheap Lintel [Linux on Intel] 1U security device in their critical path, and that every company's security team is staffed like a Top- 5 bank. These assumptions are not true. Companies across the world are waking up to the fact that their security posture is insufficient to fend off the threats that breached Sony, Anthem and JPMC . . .” - From an April 1, 2015 article in SC Magazine entitled “The Failure of the Security Industry.”
  • 16. A Solution Using SIEM Technology Many organizations are turning to SIEM (Security Information and Event Management) technology to identify security incidents. SIEM correlation rulesets must be honed and fine-tuned over a long period to ensure maximum detection and minimal false positives. Once up and running, SIEM products do a great job of aggregating this log data. However, in addition to being expensive, they still rely on in-house security expertise to know what to do if an incident occurs.
  • 17. The Best Strategy A proper detection, remediation and mitigation plan should include the following: 24/7 Cyber-threat Detection This can be used to identify potential security breaches through intelligent correlation of various log and performance streams. Vast amounts of machine data can be converted into potential security alerts. Security Alert Assessments In addition to threat detection, businesses should consider tools to analyze and prioritize security alerts to actionable incidents. This helps to reduce false alarms and ensure resources are properly assigned to deal with threats. 24/7 Incident Response Create and implement round-the-clock incident response capabilities. Network administrators should have access to specialized security professionals for complex breaches. An on-call incident response team can provide support and guidance on how to best mitigate and remediate issues as they occur.
  • 18. Reality: Implementing SIEM These are some of the challenges in implementing SIEM for your business: • 24/7 monitoring of log, performance and configuration data. • The cost is very high, configuration is complex and rulesets take significant time to fine-tune. • Building the infrastructure. • Staffing a SOC (Security Operations Center) with experienced workers 24/7/365. – IT security monitoring is potentially 99% sitting and waiting for an incident, and 1% remediation. How do you keep a highly skilled (and often, highly paid) worker happy when most of their job isn’t doing what they’re trained to do? For this reason, many businesses are turning to Managed Service Providers to manage their security strategy, and perform these advanced services. This market is expected to grow at 45% over the next 5 years.
  • 19. Help Has Arrived eSOZO understands these challenges! • Our single goal is ensuring the utmost in protection around the clock, and at the same time, assist businesses in their regulatory compliance efforts. • Our continuous cyber-threat monitoring services help to reduce risk and aid in compliance by collecting real-time log, performance, and configuration data from the devices on a network, 24/7. • Then, advanced cloud-based SIEM technology is applied to identify threats and suspicious activity. • Within a state-of-the-art SOC, Advanced Security Engineers will evaluate each alert, eliminate false positives, investigate security incidents, and respond to cyber-threats targeting your organization. It’s this highly-skilled “human element” that is often missing from other providers’ solutions.
  • 20. Contact us today for a free consultation on 24/7 cyber- threat monitoring, threat analysis, and response services. eSOZO Computer & Network Services 200 Route 31, Suite 202 • Flemington, NJ 08822 888-376-9648 • info@esozo.com