SlideShare a Scribd company logo

Undermining security infographic

Venafi
Venafi

Why did Chinese cybercriminals want to breach an American health services company? Perhaps they were hoping to resell personal data or learn how to operate distributed hospital systems for profit. More likely, this was a test—a proof-of-concept attack that was vastly successful in stealing data by undermining the security controls of this Fortune 200 business. Having now proven the attack vector, APT 18 will decide when and where to use the attack on other targets. How did they do it? This exclusive new infographic highlights the 4 attack stages used by many threats that rely on compromised keys and certificates to bypass existing enterprise security controls. Learn these stages and find out how to ensure your enterprise is not the next headline.

Internet
1 of 1
Download to read offline
ONLY A TEST PROOF OF CONCEPT 110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011 010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010 011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110 100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110 000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100 101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011 110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000 101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110 010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101 101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111 101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101 111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100 001010100001010111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100 001111111111001001010100001010111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001 011000000011000001111111111001001010100001010111110101001110101000110111010101111101010011101010001101110111010010101011 101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011101010001101110 110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011 010100011011101110010010101000010101111101010011101010001101110111010010101011010100010000100011010100100101101100111101 100110110000000110000011111111110010010101000010101111101010011101010001101110111010010101011010100010000100011010100100 011011001111011100110110000000110000011111111110010010101000010101111101010011101010001101110101011111010100111010100011 STOLE PRIVATE KEYS 110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011 010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010 011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110 100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110 000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100 101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011 110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000 101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110 010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101 101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111 101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101 111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100 001010100001010111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100 001111111111001001010100001010111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001 011000000011000001111111111001001010100001010111110101001110101000110111010101111101010011101010001101110111010010101011 101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011101010001101110 110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011 010100011011101110010010101000010101111101010011101010001101110111010010101011010100010000100011010100100101101100111101 100110110000000110000011111111110010010101000010101111101010011101010001101110111010010101011010100010000100011010100100 011011001111011100110110000000110000011111111110010010101000010101111101010011101010001101110101011111010100111010100011 GAINED ACCESS ATTACK STAGE 2 EXPANDED FOOTHOLD ATTACK STAGE 3 ATTACK STAGE 4 EXFILTRATED DATA WARNING APT18’s test attack was vastly successful in stealing data by undermining the existing security systems. What will be their next target? Have you protected your keys and certificates from misuse, such as a Heartbleed compromise, malware, or other exploits? PROTECT YOUR BUSINESS 1 Learn how to protect your business at www.venafi.com/apt18-attack 2 3 4 Secure: Find all keys and certificates Enforce: Apply policies and workflow requirements Detect: Identify changes, misuse, and anomalies Respond: Replace keys and certificates automatically THE ATTACKERS EXFILTRATED DATA USING SSL Most security controls do not conduct SSL inspection or have ALL of the keys necessary to decrypt ALL traffic, leaving a huge blind spot. ATTACKERS BYPASSED SECURITY CONTROLS Used encrypted SSL/TLS communications to bypass security controls, including DLP, IDS/IPS, threat detection, sandboxing, etc. ONCE IN, ATTACKERS WORKED TO ELEVATE PRIVILEGES AND EXPAND ACCESS Stole or created new SSH keys and certificates for future backdoor access and exfiltration of data. ATTACKERS BYPASSED SECURITY CONTROLS Including firewall, authentication, VPN and privileged access controls by using stolen keys and certificates to hide their activity. THE ATTACKERS BREACHED THE COMPANY Using stolen private keys and VPN credentials. The private keys were used to decrypt live data. ATTACKERS BYPASSED SECURITY CONTROLS Circumventing firewalls, authentication, and other security controls. NAME ID SSN ADDRESS Attackers used HEARTBLEED To compromises private keys. ATTACKERS BYPASSED SECURITY CONTROLS In addition to Heartbleed, they could have used any of the millions of malware variants that steal keys and certificates to bypass security controls. KEYS & CERTIFICATES INTRODUCTION As reported by Time, Bloomberg, and others, known Chinese cyber-espoinage operator, APT18, compromised a Fortune 200 American health services organization and stole data on 4.5 million patients. ATTACKERS BYPASSED SECURITY CONTROLS Using compromised keys and certificates. ATTACK STAGE 1 APT 18 UNDERMINING SECURITYTHE BAD GUYS HAVE TESTED A POWERFUL PROOF-OF-CONCEPT ATTACK AND PROVEN IT WORKS. WILL YOU BE THE NEXT TARGET?

Recommended

RSAC2013 CME Group case study
RSAC2013 CME Group case studyRSAC2013 CME Group case study
RSAC2013 CME Group case study
Venafi
 
Trust Online is at the Breaking Point
Trust Online is at the Breaking PointTrust Online is at the Breaking Point
Trust Online is at the Breaking Point
Venafi
 
What is-flame-miniflame
What is-flame-miniflameWhat is-flame-miniflame
What is-flame-miniflame
Venafi
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Venafi
 
Præsentation Greenland Hostels
Præsentation Greenland HostelsPræsentation Greenland Hostels
Præsentation Greenland Hostels
John Harry Enggaard
 
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
Venafi
 
Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?
Venafi
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
Venafi
 

Recommended

RSAC2013 CME Group case study
RSAC2013 CME Group case studyRSAC2013 CME Group case study
RSAC2013 CME Group case study
Venafi
 
Trust Online is at the Breaking Point
Trust Online is at the Breaking PointTrust Online is at the Breaking Point
Trust Online is at the Breaking Point
Venafi
 
What is-flame-miniflame
What is-flame-miniflameWhat is-flame-miniflame
What is-flame-miniflame
Venafi
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Venafi
 
Præsentation Greenland Hostels
Præsentation Greenland HostelsPræsentation Greenland Hostels
Præsentation Greenland Hostels
John Harry Enggaard
 
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
Venafi
 
Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?
Venafi
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
Venafi
 
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Venafi
 
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
Venafi
 
Breaching the NSA Graphic
Breaching the NSA GraphicBreaching the NSA Graphic
Breaching the NSA Graphic
Venafi
 
Breaching the NSA
Breaching the NSABreaching the NSA
Breaching the NSA
Venafi
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber Attacks
Venafi
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and Attacks
Venafi
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption Disasters
Venafi
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
rahman018755
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
Escorts Call Girls
 
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
nilamkumrai
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
AanSulistiyo
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
Matthew Sinclair
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
singhpriety023
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
roncy bisnoi
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Seo
 

More Related Content

More from Venafi

How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
Venafi
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption Disasters
Venafi
 

More from Venafi (7)

Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
 
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
 
Breaching the NSA Graphic
Breaching the NSA GraphicBreaching the NSA Graphic
Breaching the NSA Graphic
 
Breaching the NSA
Breaching the NSABreaching the NSA
Breaching the NSA
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber Attacks
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and Attacks
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption Disasters
 

Recently uploaded

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
Escorts Call Girls
 
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
nilamkumrai
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
singhpriety023
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
roncy bisnoi
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Delhi Call girls
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
kojalkojal131
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Delhi Call girls
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
imonikaupta
 

Recently uploaded (20)

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls 🎗️ 9352988975 Sizzling | Escorts | G...
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 

Undermining security infographic

  • 1. ONLY A TEST PROOF OF CONCEPT 110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011 010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010 011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110 100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110 000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100 101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011 110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000 101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110 010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101 101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111 101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101 111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100 001010100001010111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100 001111111111001001010100001010111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001 011000000011000001111111111001001010100001010111110101001110101000110111010101111101010011101010001101110111010010101011 101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011101010001101110 110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011 010100011011101110010010101000010101111101010011101010001101110111010010101011010100010000100011010100100101101100111101 100110110000000110000011111111110010010101000010101111101010011101010001101110111010010101011010100010000100011010100100 011011001111011100110110000000110000011111111110010010101000010101111101010011101010001101110101011111010100111010100011 STOLE PRIVATE KEYS 110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011 010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010 011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110 100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100110110000000110 000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011011001111011100 101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000110101001001011 110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110101000100001000 101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101110100101010110 010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111010100011011101 101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101011111010100111 101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100100101010000101 111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100000111111111100 001010100001010111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001101100000001100 001111111111001001010100001010111110101001110101000110111011101001010101101010001000010001101010010010110110011110111001 011000000011000001111111111001001010100001010111110101001110101000110111010101111101010011101010001101110111010010101011 101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011101010001101110 110100101010110101000100001000110101001001011011001111011100110110000000110000011111111110010010101000010101111101010011 010100011011101110010010101000010101111101010011101010001101110111010010101011010100010000100011010100100101101100111101 100110110000000110000011111111110010010101000010101111101010011101010001101110111010010101011010100010000100011010100100 011011001111011100110110000000110000011111111110010010101000010101111101010011101010001101110101011111010100111010100011 GAINED ACCESS ATTACK STAGE 2 EXPANDED FOOTHOLD ATTACK STAGE 3 ATTACK STAGE 4 EXFILTRATED DATA WARNING APT18’s test attack was vastly successful in stealing data by undermining the existing security systems. What will be their next target? Have you protected your keys and certificates from misuse, such as a Heartbleed compromise, malware, or other exploits? PROTECT YOUR BUSINESS 1 Learn how to protect your business at www.venafi.com/apt18-attack 2 3 4 Secure: Find all keys and certificates Enforce: Apply policies and workflow requirements Detect: Identify changes, misuse, and anomalies Respond: Replace keys and certificates automatically THE ATTACKERS EXFILTRATED DATA USING SSL Most security controls do not conduct SSL inspection or have ALL of the keys necessary to decrypt ALL traffic, leaving a huge blind spot. ATTACKERS BYPASSED SECURITY CONTROLS Used encrypted SSL/TLS communications to bypass security controls, including DLP, IDS/IPS, threat detection, sandboxing, etc. ONCE IN, ATTACKERS WORKED TO ELEVATE PRIVILEGES AND EXPAND ACCESS Stole or created new SSH keys and certificates for future backdoor access and exfiltration of data. ATTACKERS BYPASSED SECURITY CONTROLS Including firewall, authentication, VPN and privileged access controls by using stolen keys and certificates to hide their activity. THE ATTACKERS BREACHED THE COMPANY Using stolen private keys and VPN credentials. The private keys were used to decrypt live data. ATTACKERS BYPASSED SECURITY CONTROLS Circumventing firewalls, authentication, and other security controls. NAME ID SSN ADDRESS Attackers used HEARTBLEED To compromises private keys. ATTACKERS BYPASSED SECURITY CONTROLS In addition to Heartbleed, they could have used any of the millions of malware variants that steal keys and certificates to bypass security controls. KEYS & CERTIFICATES INTRODUCTION As reported by Time, Bloomberg, and others, known Chinese cyber-espoinage operator, APT18, compromised a Fortune 200 American health services organization and stole data on 4.5 million patients. ATTACKERS BYPASSED SECURITY CONTROLS Using compromised keys and certificates. ATTACK STAGE 1 APT 18 UNDERMINING SECURITYTHE BAD GUYS HAVE TESTED A POWERFUL PROOF-OF-CONCEPT ATTACK AND PROVEN IT WORKS. WILL YOU BE THE NEXT TARGET?