advanced targeted attacks

Preview:

Click to see full reader

Citation preview

1

Advanced targeted attacksAndrey Dulkin, Andy Givens, Andy Thompson, Lauren Horaist, Nick Dulavitz

2

What makes an attack “advanced?

An advanced attack is…

a targeted attack against a specific organization, during which an attacker operates extensively inside the

network

Contrary to:

Opportunistic endpoint attacks

Opportunistic endpoint attacks

Quick, targeted attacks (ex: call centers)

3

BREACH• Phishing• USB• Unsecured servers

RECON• Network queries• Passive listening• Probing

LATERAL MOVEMENT• Look for credentials• Look for access

DOMAIN COMPROMISE• Sufficient privileges

ACTIONS ON TARGET• Access servers, apps etc.

Stages of an Advanced Attack

4

Breach▪ Email with malicious attachment

5

Domain Controller

File Server 1

Admin Workstation

Web Server 3

Help Desk Workstation

Recon▪ What privileges do I HAVE?

▪ WHO are the privileged users?

▪ WHERE are they connected?

▪ What privileges can I GET?

Nmap Maltego

COMMON TOOLS USED FOR RECON

6

Domain Controller

Web Server 3

Help Desk Workstation

Lateral Movement▪ Connect to the shared machine

▪ Search for credentials

▪ Steal privileged credentials

File Server 1

Admin Workstation

PsExecmimikatz

COMMON TOOLS USED FOR LATERAL MOVEMENT

*****

Domain Admin credentials found!

7

Domain Compromise▪ Connect to Domain Controller

▪ Steal krbtgt hash

▪ Create a Golden Ticket with required privileges

▪ Locate and access desired system: SWIFTNet Domain Controller

NEXT: Steal the krbtgt hashGenerate golden ticket for full domain access

!

SWIFTNet

8Recipient Bank

SWIFTNet

SWIFT User 1

SWIFT User 2

Actions on target

!

SWIFTNet Server

▪ Access the SWIFT server

▪ Locate pending transaction file

▪ Inject fraudulent transaction

9

Profit!

10

Recommendations

Endpoint Network Credentials Monitoring Remove local privileges Control applications Detect malicious

executions

Patch systems Segment off sensitive

assets Route access through

jump servers

Enforce credential tiers Require multi-factor

authentication Secure and manage

privileged credentials

Set alerts on malicious events

Monitor behavior to detect anomalies

Monitor privileged users

11

Recommended

Targeted attacks: Tools and techniques - Synacktiv · Targeted attacks: Reconnaissance and planning to tailor the attacks for a specific target Specific objectives: retrieve sensitive
Documents
The Blueprint of Targeted Attacks
Technology
Targeted Attacks: Have you found yours?
Documents
Ensure outstanding visibility and synchronized remediation ... · ADVANCED PERSISTENT THREATS (APT) AND TARGETED ATTACKS EDR systems are commonly utilized to: identify APTs or targeted
Documents
Targeted Attacks - Imperva
Documents
Using EMET to defend against targeted attacks
Documents
Three Simple Steps to Prevent Targeted Attacks
Internet
ICT Security: Testing methodology for Targeted Attack defence … · threats: Targeted Attacks (TA) and Advanced Persistent Threats (APT) in general. The main objective of this thesis
Documents
TARGETED CYBER ATTACKS ANATOMY, VIVISECTION AND PROTECTION · TARGETED CYBER ATTACKS ANATOMY, VIVISECTION AND PROTECTION Sergey Gordeychik Deputy CTO, Kaspersky Lab Targeted Attack
Documents
Targeted Attacks on South Korean Organizations€¦ · Targeted Attacks on South Korean Organizations Attacks Using Local Word Processor Sep 2016 - Dec 2017 Analysis Research Team,
Documents
Advanced Targeted Attacks — The Attack · PDF fileAdvanced Targeted Attacks ... STAGE 1: System Exploitation • Drive-by attacks and casual browsing • Delivered via Web or email
Documents
Targeted Defense for Malware & Targeted Attacks
Technology
THE DESERT FALCONS TARGETED ATTACKS - Securelist
Documents
OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of
Documents
The Human Aspect of Targeted Cyber Attacks
Documents
Defending Against Advanced Targeted Attacks · these attacks • Real-time, integrated signature-less solution is required across Web, email and file attack vectors • FireEye has
Documents
Surviving Today's Targeted Attacks
Business
Cyber Attacks on Government - chippewa.ca · against advanced targeted attacks for Web, email, and files. FireEye, Inc. Cyber Attacks on Government 8 Gain a Cohesive, Correlated View
Documents
Securing DNS to Thwart Advanced Targeted Attacks and ...mendillo.info/seguridad/doc/Securing DNS.pdf · In June 2014, attackers used DNS amplification attacks to launch a distributed
Documents
Targeted Attacks and Advanced Threats Bryon Page Solution Systems Engineer
Documents