Advanced Persistent Threats (Shining the Light on the Industries' Best Kept Secret) - Will Gragido and John Pirc

The following lecture will cover very advanced techniques and tradecraft of subversive multi-vector threats (SMTs) and advanced persistent threats (APTs) by two of the world's leading experts in this specific field. It is important to understand that APTs have a long history and, though typically not talked about unless you are dealing with governments, the Defense Industrial Base (DIB), research organizations and global financials, are all too real. The techniques and tradecraft associated are so mature and diverse that they literally go undetected. Today’s Internet is far more complex, dynamic and diverse than ever before. Because of this fast-paced evolution within the threat landscape, these types of attacks (as we predicted in a recent lecture at ToorCon in October 2009 in San Diego, CA) have swiftly become mainstream. The telemetry of the attack surface knows no bounds and includes any medium necessary for completing their operational charter and missions. In most instances, these attacks are sponsored by nation-state and sub-national entities that are either politically or economically motivated. During our discussion, we will address the history and psychology of these cyber actors as it relates to APTs, while advancing into an in-depth discussion on SMTs, crypto-virology, asymmetric forms of information gathering, recent use cases and next-generation countermeasures for detecting and defending against these types of attacks. Lastly, as we predicted last fall the rise of APTs into the mainstream, we will also leave you with yet another prediction of what to expect in the coming year.

Published in: Technology, Business

Transcript

  • 1. BSidesSanFrancisco Advanced Persistent Threats (Shining the Light on the Industries' Best Kept Secret) Will Gragido | CISSP, CISA, IAM, IEM John Pirc | CEH, IAM, SANS Thought Leader Cassandra Security Analysis of the Security Industry and that it influences
  • 2. Agenda
      • Introductions
      • Advanced Persistent Threats – An Introduction
      • Dynamic Shifts In the Threat Landscape
      • Foreign Country Activity – Session Analysis Validation
      • Subversive Multi-Vector Threats
      • Gods of War: Blended Attacks
      • Cryptovirology
      • CrimeWare as a Service (CaaS)
      • Question and Answer
  • 3. Advanced Persistent Threats: An Introduction
      • Well Documented and Quite Old
          ▫ Earliest known instances date to the early 1990s
          ▫ What’s old is new again: “Events of Interest”
          ▫ State Sponsored
          ▫ Industrial Espionage
          ▫ Colloquially referred to as ‘events of interest’
              ▪ Though not necessarily in the same fashion which threats such as ‘MyDoom’, ‘CodeRed’, or ‘Sql Slammer’ did; this is simply not the case
      • “Advanced Persistent Threats”
          ▫ Named by the United States Air Force
              ▪ Department of Defense Parlance
          ▫ Origination points
              ▪ State sponsored infowar labs
              ▪ Intelligence agencies
              ▪ The underground
  • 4. Advanced Persistent Threats: An Introduction
      • Easy Definition for a Non-Trivial Challenge:
          ▫ Opportunistic form of cyber attack developed and designed to meet the needs of its architects in compromising a specific system or group of systems in order to acquire and exfiltrate data to those behind the original attack
      • Sophistication Level:
          ▫ Only as sophisticated as they need to be
          ▫ Sophistication is determined and dictated by aggressors after intelligence gathering has occurred
      • Historical Targets of Opportunity & Interest:
          ▫ Military
          ▫ Intelligence
          ▫ Defense Intelligence Base
          ▫ High Tech (Intellectual Property: Lucent Technologies, Motorola, etc.)
  • 5. Advanced Persistent Threats
      [Timeline figure. Groupings: The Classics, The Subversives, SMTs. Years marked: 1997, 1998, 1999, 2004, 2007, 2009, 2010. Event labels: Eligible Receiver, Exxon, Moonlight Maze, Byzantine Foothold, Operation Shockwave, Solar Sunrise, Titan Rain, US Power Grid, Aurora.]
  • 6. Dynamic Shifts in Threat Landscape
      • Your Father’s Internet
          ▫ Perimeters used to be well defined and so was the protection
              ▪ Static & Informational
              ▪ Firewall and AV saved the day
              ▪ Web defacements and breaking into a network through open ports or OS vulnerabilities were par for the course
      • Today’s Internet (Better have a virtual hazmat suit)
          ▫ Floating perimeters
          ▫ Dynamic, Interactive & Mobile
          ▫ App Driven
          ▫ Web browsers and plugins
  • 7. Seriously…Seriously?
      U.S. military OKs use of online social
      Washington (CNN) -- U.S. military personnel are officially allowed to tweet. That's the upshot of the Pentagon's long-awaited policy on rank and file personnel using online social media, unveiled Friday. The new rules authorize access to Facebook, Twitter, YouTube, and other social media Web sites from nonclassified government computers -- as long as such activity doesn't compromise operational security or involve prohibited activities or Web sites.
      • Security Risk & Social Media Trade-off
  • 8. Hacking not Required
      Imagine the Possibilities
  • 9. Routes to the Cyber Market
      [Table figure. Row groups: Non-Intentional Act, Intentional Act. Columns: Expertise + Motivation + Attack Vector = Result.]
      Email None Notoriety and Compromise of an Asset/Policy