
Advanced Persistent Threats



Presentation on theme: "Advanced Persistent Threats"— Presentation transcript:

1 Advanced Persistent Threats
Eli Mattrick Rachael Little Gus Pessolano

2 What is an Advanced Persistent Threat (APT) ?
Definition: “An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data.” - Incapsula

3 About APTs
Victims are usually targeted for a specific reason:
Theft of intellectual property or other sensitive information
Sabotage
Total control of the environment, or ransom
Not a simple hit-and-run attack: APTs follow in-depth, multi-stage attack strategies (see the Cyber Kill Chain).
Their goal is usually to gain unauthorized access without being detected and to stay in the network for as long as possible.
Targets can be anyone. Governments and military organizations are the biggest targets, but individuals and businesses are targeted too.
An APT takes a great deal of resources, time and planning. Because of that, APTs are usually run or sponsored by a nation state.

4 Kill Chain

5 Components of an Advanced Persistent Threat

6 Exfiltration
Long, drawn-out operations rather than quick, destructive ones
Multiple machines compromised
Data may leave the network in several different ways

7 Stealth
Attackers try to persist across multiple attacks
Discreet activity
Cleanup: removal of evidence

8 How do you detect an APT?
Unusual login activity (unknown accounts, odd hours)
High volume of modifications to databases and sensitive files
Logins or connections from IP addresses not seen before
Spear-phishing attempts against staff
*You must know your baseline data flow and networking patterns first; every indicator above is "unusual" only relative to that baseline.*
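The slide's point that indicators only mean something against a baseline is easiest to see in code. The script below is an added example and is not part of the presentation: it learns each user's known source IPs and login hours, and each host's typical rate of sensitive-file modifications, from a window believed to be clean, then flags logins from new IPs, logins at never-seen hours, unknown accounts, and bursts of file modifications in the observation window. The log line format, host and user names, IP addresses and the spike factor are all constructed for illustration; spear-phishing detection lives in the mail pipeline and is not covered here.

```python
"""Baseline-driven triage of the APT indicators on the slide: logins from new
source IPs or at unusual hours, unknown accounts, and bursts of modifications
to sensitive files.  Added example, not material from the presentation.  The
log format, hosts, users, addresses and spike factor are constructed."""
import re
from collections import Counter, defaultdict

# Constructed formats: "<ISO ts> <host> login user=<u> src=<ip>" and
# "<ISO ts> <host> modify path=<p> user=<u>".  Real logs need real parsers.
LOGIN_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) "
                      r"login user=(?P<user>\S+) src=(?P<src>\S+)$")
MODIFY_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) "
                       r"modify path=(?P<path>\S+) user=(?P<user>\S+)$")


def parse(text):
    """Yield (kind, fields) for each recognised line; unparsed lines are dropped."""
    for line in text.splitlines():
        for kind, rx in (("login", LOGIN_RE), ("modify", MODIFY_RE)):
            m = rx.match(line.strip())
            if m:
                f = m.groupdict()
                f["hour"] = int(f["ts"][11:13])   # hour of day
                f["bucket"] = f["ts"][:13]        # YYYY-MM-DDTHH
                yield kind, f
                break


class Baseline:
    """What 'normal' looks like, learned from a window believed to be clean."""
    def __init__(self, text):
        self.ips = defaultdict(set)     # user -> source IPs seen
        self.hours = defaultdict(set)   # user -> login hours seen
        buckets = Counter()             # (host, hour bucket) -> modifications
        for kind, f in parse(text):
            if kind == "login":
                self.ips[f["user"]].add(f["src"])
                self.hours[f["user"]].add(f["hour"])
            else:
                buckets[(f["host"], f["bucket"])] += 1
        per_host = defaultdict(list)
        for (host, _), n in buckets.items():
            per_host[host].append(n)
        # mean modifications per active hour, per host
        self.mod_rate = {h: sum(c) / len(c) for h, c in per_host.items()}


def triage(text, base, spike_factor=3.0):
    """Return alerts for the observation window `text`, judged against `base`."""
    alerts = []
    buckets = Counter()
    for kind, f in parse(text):
        if kind == "modify":
            buckets[(f["host"], f["bucket"])] += 1
            continue
        user = f["user"]
        if user not in base.ips:
            reasons = ["user absent from baseline"]
        else:
            reasons = []
            if f["src"] not in base.ips[user]:
                reasons.append("new source IP")
            if f["hour"] not in base.hours[user]:
                reasons.append("login hour never seen for this user")
        if reasons:
            alerts.append({"kind": "login", "user": user, "src": f["src"],
                           "ts": f["ts"], "reasons": reasons})
    for (host, bucket), n in sorted(buckets.items()):
        rate = base.mod_rate.get(host, 0.0)
        # floor of 1.0 so a host with no baseline is not alerted on a single edit
        threshold = spike_factor * max(rate, 1.0)
        if n > threshold:
            alerts.append({"kind": "modify", "host": host, "bucket": bucket,
                           "count": n, "baseline_rate": rate})
    return alerts


# Constructed "known good" window: two users, office hours, ~2 edits/hour.
BASELINE_LOG = """\
2024-03-04T08:02:11 bastion login user=alice src=10.0.1.20
2024-03-04T09:15:40 bastion login user=bob src=10.0.1.21
2024-03-04T13:07:03 bastion login user=alice src=10.0.1.20
2024-03-05T08:10:22 bastion login user=alice src=10.0.1.20
2024-03-05T14:30:00 bastion login user=bob src=10.0.1.21
2024-03-04T09:01:00 fileserver modify path=/srv/hr/payroll.xlsx user=alice
2024-03-04T09:20:00 fileserver modify path=/srv/hr/benefits.docx user=alice
2024-03-04T10:05:00 fileserver modify path=/srv/eng/design.pdf user=bob
2024-03-05T09:12:00 fileserver modify path=/srv/hr/payroll.xlsx user=alice
2024-03-05T09:40:00 fileserver modify path=/srv/hr/roster.csv user=alice
2024-03-05T09:55:00 fileserver modify path=/srv/hr/benefits.docx user=alice
"""

# Constructed observation window: one normal login, one login from a new
# external IP at 03:00, an unknown account, and a 03:00 burst of 12 edits.
OBSERVED_LOG = """\
2024-03-06T08:05:09 bastion login user=alice src=10.0.1.20
2024-03-06T03:12:44 bastion login user=alice src=203.0.113.7
2024-03-06T09:30:00 bastion login user=mallory src=10.0.1.99
""" + "".join(f"2024-03-06T03:{15 + i:02d}:00 fileserver modify "
              f"path=/srv/hr/doc{i}.docx user=alice\n" for i in range(12))


def demo():
    """Run the constructed observation window against the constructed baseline."""
    return triage(OBSERVED_LOG, Baseline(BASELINE_LOG))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The normal 08:05 login from alice's usual address produces nothing; the 03:12 login from 203.0.113.7 is flagged twice (new IP, unseen hour), mallory is flagged as absent from the baseline, and the fileserver burst trips the spike rule because twelve edits in one hour is well above three times its learned two-per-hour rate. Each rule is only as good as the baseline window it was trained on, which is the slide's point: an attacker already present during training becomes "normal".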

9 Titan Rain
Hackers based in China, most likely the Chinese military, began a series of far-ranging cyberattacks against U.S. government targets circa 2003 with the aim of stealing sensitive state secrets. Main targets included high-end systems at organizations such as NASA and the FBI. The level of sophistication in the attacks led Alan Paller, SANS Institute research director, to state that "no other organization could do this if they were not a military."
"They hit hundreds of computers that night and morning alone, and a brief list of scanned systems gives an indication of the breadth of the attacks. At 10:23 p.m. pacific standard time (PST), they found vulnerabilities at the U.S. Army Information Systems Engineering Command at Fort Huachuca, Arizona. At 1:19 am PST, they found the same hole in computers at the military's Defense Information Systems Agency in Arlington, Virginia. At 3:25 am, they hit the Naval Ocean Systems Center, a defense department installation in San Diego, California. At 4:46 am PST, they struck the United States Army Space and Strategic Defense installation in Huntsville, Alabama."

10 Sykipot
Leveraged zero-day exploits and other vulnerabilities in Adobe Reader and Acrobat. Part of a long-running series of cyberattack campaigns from 2006 to 2011 aimed primarily at U.S. and U.K. organizations, including defense contractors, telecommunications companies and government departments. Spear phishing was the primary attack vector.
"The attackers initially issue reconnaissance commands to gather system and network information to determine if the computer was a host of interest to them. If so, the attackers would issue custom commands specific to the compromised environment in order to locate and exfiltrate desired information."
Well-funded. Analysis of the malware indicated it was most likely Chinese in origin.

11 GhostNet
Reported in 2009; infiltrated high-value political, economic and media targets in 103 countries. Compromised systems were discovered in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan and in the office of the Prime Minister of Laos. The foreign ministries of Iran, Bangladesh, Latvia, Indonesia, the Philippines, Brunei, Barbados and Bhutan were also targeted. The U.S. was not believed to have been compromised or targeted. Spear phishing was the primary attack vector.
The command center could install "Gh0st RAT" (a remote access trojan) on a compromised system, giving the attackers complete control of it, including its webcam and microphone.
"A report from researchers at the University of Cambridge says they believe that the Chinese government is behind the intrusions they analyzed at the Office of the Dalai Lama."
The command-and-control infrastructure was based mainly in the People's Republic of China.

12

13 continued

14 Gazer
Attack perpetrated by Turla, a Russian cyber-espionage APT group. Mainly targets Southeastern Europe and the former Soviet republics (2016 – 2017). Spear phishing is used to install the "Skipper" first-stage malware, which then installs the Gazer components.
"Gazer receives encrypted commands from a remote command-and-control server and evades detection by using compromised, legitimate websites (that mostly use the WordPress CMS) as a proxy."
Gazer uses a code-injection technique to take control of a machine and hide on it for a long period while stealing information. It can forward commands received by one infected endpoint to other infected machines on the same network, so only one host needs to reach the command-and-control server.

15 APT Groups

16 Sources
advanced-persistent-threat-in-your-network.html
an-advanced-persistent-threat.html

