Detecting Stopping Advanced Attacks

Detecting and Stopping Advanced Attacks

From Hackers’ Games to Cybercrime

Introduction

Digital Gold

Warp Speed of Attack

Targeting –

Penetration via Endpoints –

Reconnaissance –

Paths of Attack –

Mining for Digital Gold –

Exfiltration –

Persistence, Cleanup – and Cover-up

Conventional Defenses are too Slow

Detection Must be Automatic

Stopping Malware from Executing

Bit9’s Advanced Threat Indicators

Bit9’s ATIs in Action

Get Ahead of Advanced Threats

About Bit9

Information Email

https://www.bit9.com/why-bit9/

mailto:contact%40bit9.com?subject=Request%20for%20More%20Information%20About%20Detecting%20and%20Stopping%20Advanced%20Threats.




Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email



Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

Hacking used to be more of a game: showing off a hacker’s

prowess, getting publicity — especially within the hacking community.

Increasing value of information spawns well-funded for-profit

cybercriminals and nation-states. Cyber attacks are “weaponized.”

Advanced Threat Landscape: What Organizations Need to Know - Frost & Sullivan

LEArn MorE White Paper

AcceSS Overt (Showing off ) Stealthy

Motive Vandalism Profit, Espionage and/or Damage

MetHoDS One Stage/ComponentIndiscriminate, Mass DistributionCommon Vulnerability

TargetedMulti-faceted, PersistentZero Day

exAMpleS 1998: CIH1999: Melissa2000: ILOVEYOU

2001: Code Red2003: SQL Slammer, Blaster, Sobig.F2004: Bagle, MyDoom, Sasser

2006: Nyxem2007: Zeus

2010: Stuxnet2011: Morto Worm2011: SpyEye2012: Gauss2012: Flame

1990s Present

2









https://www.bit9.com/download/whitepapers/FS-WP-Advanced-Threat-Nov.pdf








Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

LEArn MorE by clicking on these “live” symbols when you see them.

Introduction

Today’s cyber threat has changed in sophistication, in focus, and in its potential impact on your business.

This eBook will tell you how today’s advanced attacks require automatic detection and incident response.

You will learn how you can most effectively protect your business.

Who should read this eBook?

• ciSo/it Prepare a business case for effective security solutions.

• cFo Understand the financial implications posed by advanced threats.

• cxo Answer the concerns of your board and stockholders.

3

White Paper/ Data Sheet

Video WorkbookWebinar Threat Advisor InformationBlog


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email










Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

Learn How to Effectively Protect Your

Business.

4

Getting (and Staying) Ahead of Advanced Threats: A Workbook for Assessing Your Advanced Threat Protection Posture

LEArn MorE Workbook

*2012 Cost of Cyber Crime Study: United States. Ponemon Institute, October, 2012.

industry examples

types of High-value information for Sale

Business Associates

Healthcare Patient health information Pharmacies, insurers

TechnologyIntellectual property, trade secrets, patents, designs

Law firms

GovernmentState secrets, Social Security information

Contractors

RetailCustomer data: personal and financial

Banks

AllCorporate data: contracts, business plans, staff data

Business process service providers

Digital Gold

Every enterprise has

high-value information

vital to its success. As

cyber-attack techniques

become more sophisti-

cated, this “digital gold” is

increasingly vulnerable.

A study by the Ponemon Institute found

that the average annualized cost of

cybercrime in 2012 is $8.9 million per year,

with a range of $1.4 million to $46 million.*

The cost of cybercrime includes more

than the value of the stolen information. It

includes the costs of business disruption,

lost opportunity, damage to brand, and

recovery efforts.

It’s not just the primary owner of the

information who is vulnerable — so are

networked business associates and partners

who represent additional attack surfaces.

the High cost of cybercrime • Sony estimated their costs from 2011

data breaches were at least $171 million.

• A competing manufacturer stole source

code from a control-system supplier —

the supplier’s stock dropped 83%.

• A metallurgical company lost to cyber-

espionage technology built over 20 years

at a cost of $1 billion.

• The Canadian government stopped a

$38.6 billion takeover bid when attacks

compromised sensitive information at

government agencies and law firms.

• Civil penalties for ePHI breaches can be

up to $250,000, with repeat/uncorrected

violations reaching $1.5 million per

violation, per year.


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





https://www.bit9.com/download/reports/Threat_Workbook_low.pdf









Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email


Business.

5

Gone in 15 Minutes…Protect Your Domain Controllers from Advanced Threat

LEArn MorE Webinar

Advanced attacks typically

are not “smash-and-grab”

events. The Advanced

Persistent Attack (APT)

involves stealthy infiltration

of endpoints and ongoing

theft of your digital gold

over time.

Gone in 15 Minutes A cybercriminal group may take months

to identify key targets, develop specialized

malware to exploit specific vulnerabilities,

and exercise remote command and control

during the attack.

Most advanced attacks are not detected,

and certainly not stopped, in time to prevent

theft or damage.

Once infiltration is accomplished, the

essence of the attack itself, the exfiltration

of data, can be as fast as 15 minutes.

APTs are designed to remain undetected,

compromising systems for months or even

years. Attackers cover their tracks, trying to

erase any evidence of having ever entered

the system.


Stages in an Advanced Attackclick on each stage to learn more.

1 targeting

2 penetration via endpoints

3 Reconnaissance

4 Mining for Digital Gold

5 exfiltration

6 persistence, cleanup and cover-up


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





https://www.bit9.com/resources/webinars/gone-in-15-minutes-protect-your-domain-controllers-from-the-advanced-threat/#









Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

Targeting


Business.

6

Considerable research

goes into choosing targets

of APTs. Cybercriminals

know well the value of

credit card information,

Personally Identifiable

Information (PII), and

intellectual property.

Gone phishing Attackers will use social media and public

sources to identify key individuals such as

Michael, Director of Finance, and his boss,

the CFO, or other department heads in a

large technology company, for example.

They might learn they are a Microsoft®

shop using Windows®-based Office and

SQL Server® databases. It is not difficult to

even know the versions and patch levels

of these systems within the organization.

They know the company runs on a fiscal

calendar year and that next year’s budgets

will be worked heavily in Q4.

During that time frame, Michael would be

likely to open an email with subject lines

about budget or headcount, particularly if

they use familiar names and titles.

To embellish the “lure” in this spear-phishing

tactic, attackers will also use social media,

industry events and the company website

to gather information relevant to Michael

himself. Perhaps they will even attend

corporate or industry events in which

Michael participates.

The email lure with tailored subject line

and message will contain a malformed

document or perhaps a spreadsheet, or

it will prompt Michael to visit a dummy

website or to run a program.

If Michael doesn’t take the initial lure,

organized cybercrime or nation-state

groups will continue to try him at different

times with tweaked subject lines, messages

and payload vehicles.

And they won’t just target Michael — they

will also conduct WhoIs Internet searches

for administrative contact phone numbers

and emails.

To avoid detection, an attacker might use DNS

Lookup for ISP details to make their emails

appear more legitimate and to hide their origin.

They also switch among multiple network

proxies to try and remain anonymous.


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email









Penetration via Endpoints


Business.

7

Bi9 Whiteboard: Retail (Part I). Chris Strand, Bit9 Security and Compliance Practice Manager

LEArn MorE Video

individual Desktop or laptopWhen Michael opens up the spear-phishing

email, he downloads a malformed spread-

sheet designed to take advantage of a

known, seemingly minor, desktop

application vulnerability.

Once the package is delivered to Michael’s

desktop, the attacker can manipulate by

remote command and control and look for

other “lateral” access points.

One might be a print spooler or driver from

which the malware gets administrative

permissions.

poS terminal or ServerIt’s Black Friday, the biggest shopping

day of the year.

Updates (particularly of AV with large

libraries that drag on systems) are

delayed to accommodate the high

volume of transactions.

That’s the window attackers have been

preparing for; they launch an attack that

penetrates through known vulnerabilities

in older POS terminals and servers.

via USB StickAn enterprise has a large mobile workforce,

some of whom regularly transfer large

amounts of data between home and office.

A file is downloaded from the worker’s

laptop to a USB and, from there, to a

desktop at work.

Malware moves from the USB onto the

desktop (or server) and begins looking for

additional vulnerabilities.

I N T E R N E T

Source Desktop or Laptop POS Terminal or Server USB Stick


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

https://www.youtube.com/embed/PGaKb_A3fMw









Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

Real-time Remote command and control“This attack is interactive with a real person sitting at the other end. You can see this in the timing and occasional typos and extra spaces in commands. You can also sense the increase in frustration as the attack progresses — or, rather, fails to progress.

The total attack took close to an hour, after which the attacker probably moved on to a different target. But it is safe to assume that if the compromised system remained in place, the attacker would try again after analyzing this failure.

That’s the very real persistent in advanced persistent threat.”

Anatomy of a Server Attack. Chris Lord, Systems Architect, Bit9. October 2012.

Having penetrated an endpoint, APT

malware establishes remote command

and control so that the attacker can

perform stealthy reconnaissance; that is,

map the network topology and look for any

obstacles and opportunities.

A commonly used tool to map smaller

networks or subnets is nmap; a collection

of tools (like Paketto Keiretsu) can map

larger networks with discovery and network

path tracers.

Nmap uses port numbers to show what

applications are running on a specific

port and can correctly identify many

applications by their banners.

The banner also provides version information

which allows attackers to identify application

vulnerabilities (i.e., outdated patches) that

can be exploited to gain further access.

Once the network topology has been

mapped and applications identified —

including security measures — attackers

can use real-time command and control

to execute their strategy.

The goal of reconnaissance is to locate

servers with the high-value data —

and/or to establish routes to administrative

credentials that give attackers access to

these assets.

Reconnaissance


Business.

8

Remote Command and Control

Domain Controllers File Servers App/Web Servers


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email










Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

Paths of Attack


Business.

9

Having performed their reconnaissance

and decided on a route of attack, the real

attack begins. From Michael’s desktop

they may appropriate local admin rights

to gain “legitimate” access to the local print

server. With admin permissions on the local

print server, it is likely he can advance to a

corporate print server or a server located

in a department of interest (i.e., finance,

development, legal). This route would

circumvent firewalls and intrusion detection

systems because the communications

would appear to be normal print commu-

nications. There would be no reason

to suspect malware at this point.

Once in the targeted domain, it would be

much easier to look for out-of-date system

patches, or known vulnerabilities from

previous reconnaissance, on file servers or

domain controllers. At this point, you have

been effectively compromised.

Bit9 Whiteboard: Server Security. Michael Bilancieri, Director of Product Management

LEArn MorE Video

Path Of An Advanced Attack

Michael’s Desktop

Print Server in His Department

Corporate Print Server

Corporate File Server or Domain Controller

compromised!


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





https://www.youtube.com/embed/VSnRops8ifU









Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

Mining for Digital Gold


Business.

10

the Keys to the Kingdom For attackers taking the long view, domain

controllers are a high-value target because

they contain the set of passwords and

administrative permissions that enable

stealthy access on an ongoing basis.

But attackers can also be opportunistic.

Having penetrated the system, they quickly

look for unencrypted, high-value databases

and file servers containing credit card or PII

data, IP and trade secrets.

Protecting Domain Controllers, Bit9 Threat Advisor

LEArn MorE Threat Advisor

Strategy: Attack Domain controllers

Steal the “keys to the kingdom”: passwords and permissions.

Gives attacker “legitimate” access to resources at will for as long as needed.

Strategy: Attack Databases, File Servers

Especially if data is not encrypted or if attacker spots target of opportunity.

Files/folder names may be revealing: Patents, Legal, etc.

Domain Controllers

DB and File Servers


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





https://www.bit9.com/download/reports/Report-Protecting-Your-Domain-Controllers.pdf








Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

Attackers decide the time

and speed of exfiltration.

The most dramatic

scenario: downloading an

entire database of PII or

corporate IP in minutes.

APTs reside on your system for a long time.

One technique is to schedule tasks to run at

a later time at a higher permission. They can

smuggle out data hidden in packets such

that they are very hard to spot — even if

you know you were compromised.

As additional data becomes available,

attackers will return again and again to

access and exfiltrate more gold.

A study of 200 data breaches in 24 different

countries showed that the most common

method of extracting data is through the

same remote access application used for

entry. Services such as native FTP and HTTP

client functionality were also frequently

leveraged for data extraction. When

malware was utilized for data extraction,

FTP, SMTP and IRC functionality were all

observed. (In reverse analysis of custom

malware, binaries sometimes disclosed the

existence of FTP functionality, including

hardcoded IP addresses and credentials.)

Off-the-shelf malware, such as keystroke

loggers, most often used built-in FTP and

email capabilities to exfiltrate data.

When email services were employed,

the attackers often brazenly installed a

malicious SMTP server directly on the

compromised system —to ensure the data

was properly routed!

Exfiltration


Business.

11

Cyber Threats Target Intellectual Property,Bit9 Threat Advisor

Data Exfiltration: How Data Gets Out – CSO Online – Security and Risk. 2009 study published in 2010.

Domain Controllers DB and File Servers


percentage of Methods Used to exfiltrate Data


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

28% Microsoft Windows Network Shares

27% Native Remote Access Application

17% Malware Capability: FTP

10% Native FTP Client

6% SQL Injections

4% Malware Capability: SMTP

2% Malware Capability: IRC

< 1.5% Others





https://www.bit9.com/download/threat-advisors/ThreatAdvisor_IP_v1n7_Final.pdf








Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

Persistence, Cleanup and Cover-up


Business.

12

Bit9 Whiteboard: Protecting Virtual Desktops and Critical Servers

LEArn MorE Video

Most advanced attacks are not overt, one-

time smash-and-grab events. They are

designed to persist and remain undetected,

even as they communicate back to the

command-and-control center for malware

updates and modifications.

One tactic is the creation of “dummy”

administrative accounts that “fly under the

radar” of regular IT monitoring.

Another is leaving behind “back doors” in

compromised applications for future access

and exfiltration of valuable information.

Besides these “crumbs,” the advanced

attacker cleans up and erases most traces

of itself. The use of forensics to understand

an attack and take action to prevent future

attacks are challenging.

What’s needed is technology in situ that can

in fact pick up the crumbs that attackers

cannot erase.

These include information on who wrote a

suspicious file, when it was written, where

it went on the network, and if it wrote any-

thing else (the spawn of the spawn). This

type of information can be extracted — if

you know what you are looking for — even

if the files themselves have been deleted.

The security technology needs to be able to

show you everything that arrived on your

system in, say, the last 24 hours or even the

last three months. Where was this file, and

what was the related activity? It needs to be

able to help find and follow the crumbs.

This is key to remediation and, ultimately,

prevention.

Domain Controllers DB and File Servers App/Web Servers


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





https://www.youtube.com/embed/d-XuB0zVPJ4










Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email



Business.

13

Bi9 Whiteboard: Early Detection and Continuous Auditing – Harry Sverdlove, Bit9 CTO

LEArn MorE Video

No matter how dedicated and talented,

security staff cannot keep up with the

volume of data flowing through the

enterprise architecture. Security systems

like SIEM, IPS/HIPS, and firewalls can in fact

add to the data overload.

Quantity of information is one thing, but the

real problem for securing your data is the

speed with which things happen.

The problem with traditional solutions is

they all try to do the same thing: detect

and reject malware with a known signature.

They look outside your enterprise and try

to identify and stop all the malware in the

world coming into your enterprise. But that

approach isn’t sufficient any more.

If you cannot keep track of all executables

on your system, whether they run or not,

you will never be able to reconstruct the

elements of an attack.

By changing your focus from the malware

you’re trying to keep outside your organiza-

tion to the software your want inside your

organization, you can determine what

software you trust and only allow that to

run in your organization. Everything else, by

default, is untrusted and can be automati-

cally denied or flagged as suspicious.

Up

dat

es

Dow

nlo

ads

inst

alls

Up

dat

es

oth

er t

hre

ats

Mem

ory

infe

ctio

ns

Soci

al e

ng

inee

rin

g

Zero

-day

Att

acks

Web

Dri

ve B

y

ph

ish

ing

Dow

nlo

ads

inst

alls

in a perfect world, there would only be “good” software (~25K executables per machine).

in the real world, systems are under attack from 100 to 400 million variants.


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





https://www.youtube.com/embed/RbxSNDTSRBk









Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

The volume of data and

speed of cyber attacks

dictate that detection

must be automated.

Antivirus software, HIPS and conventional

application control or whitelisting

solutions are based on an after-the-fact,

reactive model.

What’s required is a proactive and trust-

based model which provides rational,

automatic filtering to cull and focus the

exact information you must interpret.



Business.

14

Reactive Limitations Tools

AntiviRUS Signature based (blacklist libraries); scan based; no sensor to analyze systems in real time

HipS Information too shallow: doesn’t tell where .exe files were spawned; no historical data for time-based analysis to determine level and impact of potential threat; cannot apply latest indicators to historical data; cannot assess network effect or correlate across all of your systems

leGAcy ApplicAtion contRol/WHiteliStinG

Relies on combination of AV and HIPS products — and therefore suffers from same limitations as above; can’t continuously monitor for suspicious activity; doesn’t have the granularity to provide a time-based historical view of each system; no ability to replay an event or attack to understand the threat, risk and impact


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email










Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email



Business.

15

A Family Affair: Stopping Gauss, Bit9 Threat Advisor. December 2012.


Automatic detection, embedded in your

security environment, is the first barrier to

APTs — but suspicious executables need

to be stopped until the issue is resolved in

order to prevent any damage from being

done.

Let’s look at a real-world example. With a

proactive trust-based model in place, a

security team at a banking organization was

alerted that a new file had been written by

svchost.exe.

Within seconds this file attempted to

execute, but because the file hashes were

untrustworthy (and not because they were

on any AV blacklist — they were not until

eight months later), execution was blocked

automatically.

Alerts were sent and logged, but at the

time there was nothing else to suspect, and

no malicious activity had been allowed to

occur.

Indeed, it was not until months later when

the larger community began to identify

components of the complex malware now

known as Gauss that the bank realized it

had been automatically protected. Gauss

was targeting Middle East banks and their

users and was successful in compromising

many other organizations.

2. Execution Blocked

5th February 2012 Written by svchost.exe

1. New File Variation


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





https://www.bit9.com/download/threat-advisors/ThreatAdvisor_Dec_Gauss.pdf











Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email



Business.

16

Bit9: A DVR for Your Endpoints

LEArn MorE Blog

Why customers need Bit9 Advanced threat DetectionIf a customer has devices not running Bit9, or if any Bit9- protected systems are not in high enforcement, there is a chance for malware to get in. With ATIs continuously monitoring systems’ behaviors, administrators will be

alerted to any sign of an attack, so they can respond faster.

Even with high enforcement, trusted users can knowingly or unknowingly approve malicious files. Bit9’s Detection Enhance-ment provides an additional layer of security.

The bank that was automatically protected

from Gauss is an actual Bit9 customer. Bit9

customers were also protected from the

recent, highly sophisticated Flame malware.

Bit9 Advanced Threat Detection combines

real-time sensors, trust-based security,

Advanced Threat Indicators (ATIs), and the

Bit9 Software Reputation Service to detect

advanced threats, malware and zero-day

attacks that typically evade blacklisting and

signature-based detection.

ATIs provide a new detection technology

and intelligence. ATIs are a packaged set of

rules and views created by Bit9’s threat

research team. ATIs monitor for suspicious

behaviors and activities, examining many

facets of your system — including files,

registries, process and memory execution

— to identify potential compromise or

infection.

Examples of what ATIs can detect:

• A process attempting to harvest cached

passwords

• A PDF file spawning an executable

• Processes injecting into other processes

• Processes executing out of suspicious

locations

As new intelligence is gathered around

advanced threats by Bit9’s Threat Research

Team, new ATIs are developed, and

customers receive them via the cloud-

based Threat Indicator Service.

Bit9 Advanced Threat Detection gives Bit9

customers the ability to apply continuous

real-time and historical detection through-

out their entire infrastructure — servers,

desktops, laptops and fixed-function

devices.

Bit9 is the first security solution to apply

ATIs in both real time and to an historical

recording of endpoint activity.


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





https://blog.bit9.com/2013/01/02/bit9-a-dvr-for-your-endpoints/

https://blog.bit9.com/2013/01/02/bit9-a-dvr-for-your-endpoints/






Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email



Business.

17

Bi9 Whiteboard: Bit9 Stops Advanced Malware Flame. - Harry Sverdlove, Bit9 CTO

LEArn MorE Video

Prior to using a trust-based security platform, one company was seeing between 10 and 20 systems of interest (SOI) a day, each of which was routed to the Information Security (IS) team by email.

Engineering co-ops would then review the SOI, and, if required, a member of the IS team was brought in, and a threat assess-ment team of three got involved.

If the malware had successfully gained command and control of a system, a 1-3 person forensics team was brought in.

None of this staff cost (up to 8 people) would be incurred if executables are stopped before they run — to say nothing of the ultimate cost of the successful

attack!

A precursor to Gauss, Flame is malware

aimed at industrial or fixed systems.

Announced publicly in May 2012, Bit9’s first

encounter with Flame actually occurred

much earlier.

In October 2011, a small component of

what became known as Flame was seen

as an unknown file blocked and prevented

from executing by the Bit9 Trust-based

Security Platform.

Flame variations have since been found at

organizations around the world. As of yet,

however, there is no obvious conclusion as

to the attackers’ original motivation.

Whenever new families or new attack

techniques are revealed, malicious actors

are more than happy to steal, adapt and

employ these techniques.

Shamoon, a variant of Flame designed to

destroy information, targeted oil and gas

companies in the Middle East with

devastating consequences.

Customers of Bit9 receive an original set

of ATIs as part of Detection Enhancement.

Bit9 adds ATIs as intelligence is gathered

about advanced threats, and Bit9 customers

receive updates via the Bit9 Threat Indicator

Service.

the economics of playing catch-upFrom Hackers’ Games

to Cybercrime

Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





https://www.youtube.com/embed/xCVbAJdWguo











Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email



Business.

18

Bit9 Security Platform Data Sheet

LEArn MorE Data Sheet

Bit9 Detects and Stops Advanced Threats

Desktop or Laptop POS Terminal or Server USB Stick

Domain Controllers DB and File Servers App/Web Servers

Bit9 proven Reliability and Highest Scalability and Security for physical and virtual environments

Bit9 immediate visibility, Detection and protection

Bit9 it- and cloud-Driven trust policiesSoftware Reputation Service


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





https://www.bit9.com/download/data-sheets/Bit9-Security-Platform-windows-web.pdf

https://www.bit9.com/download/data-sheets/Bit9-Security-Platform-windows-web.pdf






Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email

About Bit9


Business.

19

Bit9 is the leader in trust-based Security The Bit9 Trust-based Security Platform

continuously monitors and records all

activity on servers and endpoints to

detect and stop cyber threats that evade

traditional security defenses. A cloud-based

software reputation service, combined

with policy-driven application control and

whitelisting, provides the most reliable form

of security in a model that can be rapidly

implemented with less maintenance than

traditional tools.

tHe Bit9 5-DAy FRee tRiAl The Bit9 5-Day Free Trial is designed for

IT security and forensics professionals

interested in closing the endpoint security

gap left open by traditional, reactive security

solutions. This cloud-based trial is a complete

working deployment of the Bit9 security

platform which includes the industry’s

leading trust-based application control and

whitelisting solution. Sign up today at

www.bit9.com/freetrial.

Follow us online:


Introduction

Digital Gold


Targeting –


Reconnaissance –

Paths of Attack –


Exfiltration –








About Bit9

Information Email





feed://feeds.feedburner.com/Bit9Activity

https://www.facebook.com/Bit9Inc?sk=wall

https://plus.google.com/104525236349138185546/posts

http://www.youtube.com/user/Bit9Inc?feature=mhee

http://www.linkedin.com/company/497437

https://twitter.com/

https://blog.bit9.com/





News & Politics

Detecting Stopping Advanced Attacks