Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Persistent Threats (APT) Sasha Browning.

Published byAshley Chapman Modified over 8 years ago

Similar presentations

Presentation on theme: "Advanced Persistent Threats (APT) Sasha Browning."— Presentation transcript:

1 Advanced Persistent Threats (APT) Sasha Browning

2 Breakdown Advanced – Combination of attack methods and tools Persistent – Continuous monitoring and interaction – “Low-and-slow” approach Threat – Attacker is skilled, motivated, organized and well funded

3 What is an APT? Definition – Sophisticated attack that tries to access and steal information from computers Requirement – Remain invisible for as long as possible

4 Why are APTs Important? Then – Just because – Demonstrate their skills Now – Attacks have evolved – Specific targets – Intend to maintain a long term presence

5 Problem with APTs File size is small File names don’t raise any red flags Almost always are successful Undetectable until it's too late More frequent No one is immune

6 Targets.mil and.gov sites Department of Defense contractors Infrastructure companies – power and water CEOs or leaders of powerful enterprise or gov. agencies

7 Stages of an APT Attack 1. Reconnaissance 2. Intrusion into the network 3.Establishing a backdoor 4.Obtaining user credentials 5.Installing multiple utilities 6. Data exfiltration 7.Maintaining persistence

8 Step 1: Reconnaissance Research and identify targets – Using public search or other methods Obtain email addresses or IM handles

9 Step 2: Intrusion into the Network Spear-phishing emails – Target specific people – Spoofed emails – include malicious links or attachments Infect the employee's machine Gives the attacker a foot in the door

10 Step 3: Establishing a Backdoor Try to obtain domain admin credentials – grab password hashes from network DCs Decrypt credentials to gain elevated user privileges Move within the network – Install backdoors here and there – Typically install malware

11 Step 4: Obtaining User Credentials Use valid user credentials Average of 40 systems accessed using these credentials Most common type of credentials: – Domain admin

12 Step 5: Installing Multiple Utilities Utility programs conduct system admin. – Installing backdoors – grabbing passwords – getting emails Typically found on systems without backdoors

13 Step 6: Data Exfiltration Grab emails, attachments, and files Funnel the stolen data to staging servers – Encrypt and compress – Delete the compressed

14 Step 7: Maintaining Persistence Use any and all methods Revamp malware if needed

15 Problems with APTs Self-destructing malware – Erases if it fails to reach its destination Nobody monitors outbound traffic – Can look legitimate Sniffers – Dynamically create credentials to mimic communication

16 Disguising Activity Process injections – introduce malicious code into a trusted process – Conceals malicious activity Stub malware – Code with only minimal functionality – Remotely add new capabilities – Runs in the network’s virtual memory

17 Stopping APTs Weakness – Interactive access Solution – Find the link between you and the attacker – Block it Afterwards – Attacker will have to re-infect a new host

18 Summary Targets are carefully selected Persistent – Will not leave – Changes strategy/attack Control focused – Not financially driven – Crucial information It's automated, but on a small scale – Targets a few people

19 Questions

20 Sources Wired http://www.wired.com/threatlevel/2010/02/apt-hacks/ Dark Reading http://www.securityweek.com/anatomy-advanced-persistent-threat Damballa http://www.damballa.com/knowledge/advanced-persistent-threats.php

Download ppt "Advanced Persistent Threats (APT) Sasha Browning."

Similar presentations

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
ECE-6612 Prof. John A. Copeland 404 894-5177 Advanced Persistent Threat Material.

ECE Prof. John A. Copeland Advanced Persistent Threat Material.
Cyber Attack Scenario Overview Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile.

Cyber Attack Scenario Overview Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile.
RSA Attack Analysis Karl F. Lutzen, CISSP S&T Information Security Officer.

RSA Attack Analysis Karl F. Lutzen, CISSP S&T Information Security Officer.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
 Malicious or unsolicited mail sent to a mailbox without the option to unsubscribe  Often used as a catch-all of any undesired or questionable mail.

 Malicious or unsolicited mail sent to a mailbox without the option to unsubscribe  Often used as a catch-all of any undesired or questionable mail.
Microsoft Ignite /16/2017 4:54 PM

Microsoft Ignite /16/2017 4:54 PM
Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.

Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Your technology solution partner.™ Security Enterprise Protection Gener C. Tongco Product Manager CT Link Systems Inc.

Your technology solution partner.™ Security Enterprise Protection Gener C. Tongco Product Manager CT Link Systems Inc.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Fundamentals of Information Systems Security.

Similar presentations

Ads by Google