Monthly Archives: July 2013

Cracking the Maze of Advanced Persistent Threats!

Advanced Persistent Threats, as the name suggests, are advanced, persistent and deadly in their nature. The ghost of APTs can affect any organization at any moment of time. Security specialists have to face the ordeal of cracking the never-ending maze of APTs.

Security professionals need to employ a wide range of techniques and tools in their arsenal, both automated and manual in nature, including threat modelling, attack vectors, and the most difficult of all tasks: identifying the attacker. Various components include monitoring of logs, analysing the anomalous behaviours within the network traffic and keeping the staff well aware and trained to face any emergency.

APTs are hard to identify and usually come as a zero-day attack. Identifying that you are under an attack itself is hard to do, but once you’ve identified it, you start the real work of combating it and safeguarding your assets. The red signs of APT attacks are network exploration (also called pivoting) and data exfiltration.

Of late, APTs have challenged the best of security brains in combating them. This article identifies the processes and tools which can be used by Emergency Response Teams of organizations to strengthen their defence against APTs.

Read full article here : InfosecInstitute

Advanced Persistent Threats – Attack and Defence

Advanced Persistent Threats (APT) was originally coined while nations were involved in cyber-espionage. These techniques are used by cyber-criminals to steal data for monetary gains. Unlike other threats, these threats are advanced, often targeted, persistent in nature, and evasive too. APTs target particular organizations unlike other usually found malwares, which sweep down random millions of boxes. The sole intention here is to gain monetary benefit by causing damage to cyber infrastructure. This story would focus on nature of APTs; the methodology involved in performing APT based attacks and covers the possible defenses against the threats.

Business ranging from small to corporates face this growing problem. To come up with a fence to the organization constant vigilance, employee awareness, and security policies aligned with the nature of APTs is necessary. Even if the defense is breached after putting in best efforts, a remediation plan needs to be kept handy to address the situation. The attacks need high level of skill sets and expertise to execute, which just wait for the right opportunity to trigger. These are new, customized in order to breach the best of security fencing. Hardening the perimeters and servers will reduce the spread of evil code. Maintaining and scrutinizing the logs will allow early detection of threat and gives that extra time needed to address the situation.

The APT Life cycle covers 6 phases as enumerated below. (As reported by Michael Cobb)

  1. Phase 1: Reconnaissance
  2. Phase 2: Spear phishing attacks
  3. Phase 3: Establish Presence
  4. Phase 4: Exploration and Pivoting
  5. Phase 5: Data Extraction
  6. Phase 6: Maintaining Persistence

Read the complete article here: InfosecInstitute