11
1 Advanced targeted attacks Andrey Dulkin, Andy Givens, Andy Thompson, Lauren Horaist, Nick Dulavitz

advanced targeted attacks

Embed Size (px)

Citation preview

Page 1: advanced targeted attacks

1

Advanced targeted attacksAndrey Dulkin, Andy Givens, Andy Thompson, Lauren Horaist, Nick Dulavitz

Page 2: advanced targeted attacks

2

What makes an attack “advanced?

An advanced attack is…

a targeted attack against a specific organization, during which an attacker operates extensively inside the

network

Contrary to:

Opportunistic endpoint attacks

Opportunistic endpoint attacks

Quick, targeted attacks (ex: call centers)

Page 3: advanced targeted attacks

3

BREACH• Phishing• USB• Unsecured servers

RECON• Network queries• Passive listening• Probing

LATERAL MOVEMENT• Look for credentials• Look for access

DOMAIN COMPROMISE• Sufficient privileges

ACTIONS ON TARGET• Access servers, apps etc.

Stages of an Advanced Attack

Page 4: advanced targeted attacks

4

Breach▪ Email with malicious attachment

Page 5: advanced targeted attacks

5

Domain Controller

File Server 1

Admin Workstation

Web Server 3

Help Desk Workstation

Recon▪ What privileges do I HAVE?

▪ WHO are the privileged users?

▪ WHERE are they connected?

▪ What privileges can I GET?

Nmap Maltego

COMMON TOOLS USED FOR RECON

Page 6: advanced targeted attacks

6

Domain Controller

Web Server 3

Help Desk Workstation

Lateral Movement▪ Connect to the shared machine

▪ Search for credentials

▪ Steal privileged credentials

File Server 1

Admin Workstation

PsExecmimikatz

COMMON TOOLS USED FOR LATERAL MOVEMENT

*****

Domain Admin credentials found!

Page 7: advanced targeted attacks

7

Domain Compromise▪ Connect to Domain Controller

▪ Steal krbtgt hash

▪ Create a Golden Ticket with required privileges

▪ Locate and access desired system: SWIFTNet Domain Controller

NEXT: Steal the krbtgt hashGenerate golden ticket for full domain access

!

SWIFTNet

Page 8: advanced targeted attacks

8Recipient Bank

SWIFTNet

SWIFT User 1

SWIFT User 2

Actions on target

!

SWIFTNet Server

▪ Access the SWIFT server

▪ Locate pending transaction file

▪ Inject fraudulent transaction

Page 9: advanced targeted attacks

9

Profit!

Page 10: advanced targeted attacks

10

Recommendations

Endpoint Network Credentials Monitoring Remove local privileges Control applications Detect malicious

executions

Patch systems Segment off sensitive

assets Route access through

jump servers

Enforce credential tiers Require multi-factor

authentication Secure and manage

privileged credentials

Set alerts on malicious events

Monitor behavior to detect anomalies

Monitor privileged users

Page 11: advanced targeted attacks

11


THE DESERT FALCONS TARGETED ATTACKS - Securelist

THE DESERT FALCONS TARGETED ATTACKS - Securelist

Documents
TARGETED ATTACKS - AFKC€¦ · TARGETED ATTACKS WHITEPAPER 4 1. INTRODUCTION Cybercriminals today have evolved their techniques into more complex attacks. These kinds of threats

TARGETED ATTACKS - AFKC€¦ · TARGETED ATTACKS WHITEPAPER 4 1. INTRODUCTION Cybercriminals today have evolved their techniques into more complex attacks. These kinds of threats

Documents
Preventing Advanced Targeted Attacks with IAM Best Practices

Preventing Advanced Targeted Attacks with IAM Best Practices

Internet
Targeted Attacks Detection with SPuNge

Targeted Attacks Detection with SPuNge

Documents
Targeted Email Attacks - Home - iSecure · Targeted Email Attacks A Detailed Analysis from FortiGuard Labs Sophisticated attacks are increasingly designed to bypass organization-

Targeted Email Attacks - Home - iSecure · Targeted Email Attacks A Detailed Analysis from FortiGuard Labs Sophisticated attacks are increasingly designed to bypass organization-

Documents
Securing DNS to Thwart Advanced Targeted Attacks and ...mendillo.info/seguridad/doc/Securing DNS.pdf · In June 2014, attackers used DNS amplification attacks to launch a distributed

Securing DNS to Thwart Advanced Targeted Attacks and ...mendillo.info/seguridad/doc/Securing DNS.pdf · In June 2014, attackers used DNS amplification attacks to launch a distributed

Documents
The Blueprint of Targeted Attacks

The Blueprint of Targeted Attacks

Technology
TOG: Targeted Adversarial Objectness Gradient Attacks on

TOG: Targeted Adversarial Objectness Gradient Attacks on

Documents
Detecting Targeted Attacks by Multilayer Deception - … · Detecting Targeted Attacks by Multilayer Deception 177 ... Detecting Targeted Attacks by Multilayer Deception 179 ... employed

Detecting Targeted Attacks by Multilayer Deception - … · Detecting Targeted Attacks by Multilayer Deception 177 ... Detecting Targeted Attacks by Multilayer Deception 179 ... employed

Documents
Targeted Attacks and Advanced Threats Bryon Page Solution Systems Engineer

Targeted Attacks and Advanced Threats Bryon Page Solution Systems Engineer

Documents
Protecting endpoints from targeted attacks

Protecting endpoints from targeted attacks

Technology
Targeted Attacks - Imperva

Targeted Attacks - Imperva

Documents
STOP TARGETED ATTACKS - F-Secure

STOP TARGETED ATTACKS - F-Secure

Documents
Assessing Targeted Attacks in Incident Response Threat ... · PDF fileAssessing Targeted Attacks in Incident Response Threat Correlation ... Indicators, Actors • Ensure ... Assessing

Assessing Targeted Attacks in Incident Response Threat ... · PDF fileAssessing Targeted Attacks in Incident Response Threat Correlation ... Indicators, Actors • Ensure ... Assessing

Documents
Advanced & Targeted Attacks - Alexandra · Advanced & Targeted Attacks Peter Sindt Århus 2. Maj 2014 . Dubex A/S

Advanced & Targeted Attacks - Alexandra · Advanced & Targeted Attacks Peter Sindt Århus 2. Maj 2014 . Dubex A/S

Documents
Overview of the Mandiant Cloud Platformconcert.or.kr/2014forecast/pdf/forecast2014_Keynote.pdf · Advanced Persistent Threat (APT) Advanced . Targeted Attacks . 100% . Of Victims

Overview of the Mandiant Cloud Platformconcert.or.kr/2014forecast/pdf/forecast2014_Keynote.pdf · Advanced Persistent Threat (APT) Advanced . Targeted Attacks . 100% . Of Victims

Documents
How Targeted APT and Advanced Malware Attacks Evade Anti-virus Software

How Targeted APT and Advanced Malware Attacks Evade Anti-virus Software

Technology
TARGETED CYBER ATTACKS ANATOMY, VIVISECTION AND PROTECTION · TARGETED CYBER ATTACKS ANATOMY, VIVISECTION AND PROTECTION Sergey Gordeychik Deputy CTO, Kaspersky Lab Targeted Attack

TARGETED CYBER ATTACKS ANATOMY, VIVISECTION AND PROTECTION · TARGETED CYBER ATTACKS ANATOMY, VIVISECTION AND PROTECTION Sergey Gordeychik Deputy CTO, Kaspersky Lab Targeted Attack

Documents
Defending Against Advanced Targeted Attacks · these attacks • Real-time, integrated signature-less solution is required across Web, email and file attack vectors • FireEye has

Defending Against Advanced Targeted Attacks · these attacks • Real-time, integrated signature-less solution is required across Web, email and file attack vectors • FireEye has

Documents
Advanced Protection and Threat Intelligence to …...1 Enterprise Threats Landscape Targeted attacks and advanced threats – including Advanced Persistent Threats (APTs) – are some

Advanced Protection and Threat Intelligence to …...1 Enterprise Threats Landscape Targeted attacks and advanced threats – including Advanced Persistent Threats (APTs) – are some

Documents
OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of

OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of

Documents
Targeted  &  Persistent  Attacks  in  EU

Targeted  &  Persistent  Attacks  in  EU

Technology
Automated Targeted Attacks

Automated Targeted Attacks

Documents
Targeted Attacks on South Korean Organizations€¦ · Targeted Attacks on South Korean Organizations Attacks Using Local Word Processor Sep 2016 - Dec 2017 Analysis Research Team,

Targeted Attacks on South Korean Organizations€¦ · Targeted Attacks on South Korean Organizations Attacks Using Local Word Processor Sep 2016 - Dec 2017 Analysis Research Team,

Documents
The Custom Defense Against Targeted Attacks › media › wp › custom-defense... · Advanced persistent threats (APTs) and targeted attacks have clearly proven their ability to

The Custom Defense Against Targeted Attacks › media › wp › custom-defense... · Advanced persistent threats (APTs) and targeted attacks have clearly proven their ability to

Documents
Trends in Advanced Threat Protection NZISF - isaca.org John Martin - Trends... · Trends in Advanced Threat Protection ... Targeted Attacks / Advanced Persistent Threat 1995 ... the

Trends in Advanced Threat Protection NZISF - isaca.org John Martin - Trends... · Trends in Advanced Threat Protection ... Targeted Attacks / Advanced Persistent Threat 1995 ... the

Documents
Ensure outstanding visibility and synchronized remediation ... · ADVANCED PERSISTENT THREATS (APT) AND TARGETED ATTACKS EDR systems are commonly utilized to: identify APTs or targeted

Ensure outstanding visibility and synchronized remediation ... · ADVANCED PERSISTENT THREATS (APT) AND TARGETED ATTACKS EDR systems are commonly utilized to: identify APTs or targeted

Documents
Trends in Targeted Attacks

Trends in Targeted Attacks

Documents
Targeted Defense for Malware & Targeted Attacks

Targeted Defense for Malware & Targeted Attacks

Technology
The New Generation of Targeted Attacks

The New Generation of Targeted Attacks

Documents