3. Advanced Persistent Threats
Advanced
Higher levels of sophistication
Has access to Zero-Day exploits
Adapts to the victims defenses
Persistent
Attacks are specific
Continue until the specific goals are met
Intend to maintain communication with victim
compromised systems
Threats
Real power players behind attacks such as nation-states
Not your mom and pop hacking job
5. APT Attack Flow
Step 1 • Reconnaissance
Step 2 • Initial Intrusion into the Network
Sep 3 • Establish a Backdoor into the Network
Step 5 • Install Various Utilities
Step 6 • Lateral Movement and Data Exfiltration
6. Reconnaissance
First stage of an APT
Learning about the victims business
processes and technology
Tools
Whois
Nmap
Netcraft.com
Social Media Searching
Acting SKILLZ
7. Network Access
Spear-Phishing = #1 Way
Targeting specific high value people
Sending highly realistic email addresses
with attachments
Attachments include remote trojans or
malware
BUT WAIT, how does my malware get
passed IDS/IPS, Firewalls, and Email
Filters?
ADVANCED EVASION TECHNIQUES
8. Advance Evasion Techniques
Key techniques used to disguise threats to
evade and bypass security systems
Why are they advanced?
They combine multiple evasion
techniques that focus on multiple protocol
layers.
Evasions change during the attack
They allow malicious payloads or
exploits, such as malware to look normal
A wide variety of techniques
Combinations are endless
14. Lateral Movement
Compromise more machines on the network and setup more
back doors, this allows for lateral movement and persistence
Ex. TRiAD Botnet Control System
EXFILTRATE DATA!
15. Why is this happening?
Nation-State intelligence to aid in wartime
strategy and exploitation
Diminish competition and improve strategic
advantage by stealing intellectual property
To extort or ruin VIP
To gain $$$$ and gain economic power
16. Learning from the past…
Google - Hydraq
RSA SecureID
Iran’s Nuclear Plant - Stuxnet
All targeted attacks on huge companies
Anyone can be targeted.
18. Keep your eyes open
Elevated log-ons at unexpected times
Finding any backdoor Trojans
Look for any anomalies for information flow
Look for HUGE data bundles