TrendLabs Security in Context Paper

Targeted attacks often employ tools and routines that can bypass traditional security and allow threat actors to move deeper into the enterprise network. Threat actors do this to access data and obtain higher privileges that will allow them to steal additional information of interest. Because of the nature of targeted attacks, unprepared information technology (IT) administrators can fail to detect these attacks immediately and end up with unseen adversaries in their network. To prevent this, enterprises should establish a series of rigorous security-related procedures. These include segmenting the network, logging and log analysis, and ensuring that user accounts and workstations are configured properly.

Figure 1: Stages of a targeted attack

That security breaches only happen to large companies and not to small and medium-sized ones is a common misconception. In reality, threat actors can find weaknesses in a wide range of targets regardless of business size or industry. As threat actors target various types of networks, companies with improperly configured network infrastructures risk the following repercussions:

Depending on the information they already have and their goal, threat actors may seek to escalate privileges once inside the enterprise. Though this is not always needed for threat actors to advance, having login credentials and similar information can still help them go deeper inside the network, for instance into internal-only servers and databases. Threat actors will therefore need to find a way to steal user names and passwords that let them move from one computer to another. Tools like keyloggers and techniques like ARP spoofing and hash dumping are all methods threat actors use to accomplish this.[1] Recall that the GhostNet cyber-espionage network revealed in 2009 had compromised over 2,000 computers in 103 countries. The network established persistent control of these computers for an average of 145 days, with the longest being 660 days.

Networks that are not properly configured, for instance in terms of segmentation or user access, expose the entire corporate infrastructure to data theft. In case of compromise, this means that the whole network is open to malware and other routines that can record keystrokes, capture meeting audio, copy banking credentials, steal classified information, and more. These can lead to bigger company problems like losing competitive advantage, suffering a ruined reputation, and losing money. As the nature of targeted attacks involves staying hidden in a network, predicting and thwarting their steps along the way is one effective way to help secure the company network.

[1] Trend Micro Incorporated. (2013). TrendLabs Security in Context Paper. Lateral Movement: How Do Threat Actors Move Deeper into Your Network? Last accessed October 2, 2013, http://about-threats.trendmicro.com/cloud-content/us/entprimers/pdf/tlp_lateral_movement.pdf

Traditional blacklisting or perimeter-based security fails to stop these threats. The diagram below shows critical points that IT administrators can configure to support a custom defense strategy for real-time detection.

Figure 2: Ways to secure network infrastructure for the enterprise network

Here are the main items that should be on every security checklist:

"Sharp analysts who understand the daily ebb and flow of your traffic may be able to detect a targeted attack early enough in the process to thwart it before it has a chance to take root and spread."
Jim Gogolinski, senior threat researcher

Network segmentation

This involves breaking down a corporate network into separate, logical segments. Segments may be separated according to function or department, geographical location, or level of security, such as classified or top-secret information. As each segment is usually separated by firewalls, the local IT department can monitor, contain, and control the network traffic coming in and out of each one. Establishing segments helps minimize the impact of a compromise via stolen credentials, brute-force attacks, or insiders who snoop on confidential data.

Logging and log analysis

Logging and analyzing those logs is critical in detecting targeted attacks. This allows the response team to understand which areas the attackers infiltrated or stole data from. These data can be fed into technologies like security information and event management (SIEM) and security event manager (SEM) systems, which can gauge the health and activity of large corporate environments in real time.

Despite the continuing storage and cost issues, log data can be helpful, especially when tracing a successful data exfiltration or tracing lateral movement inside your network. Additionally, log data helps build the company's security intelligence by revealing new possible tactics.[2]

User accounts and workstations

User access to company resources is often taken for granted. It is common for employees to have their own accounts and workstations, but enterprises need to configure the access of each one to minimize the impact of targeted attacks. The least-privilege model works best in this case, as it regulates the amount of information that users can access.

It is imperative that those in charge of network security develop the mindset and tools needed to guard the network and the sensitive data within. Given the evidence discussed, it is high time to defend against targeted attacks and campaigns that aim to steal your company's crown jewels. As such, the first step is to configure your network infrastructure in a proactive stance against targeted attacks. Trend Micro senior threat researcher Jim Gogolinski details important guidelines for network administrators on securing the network infrastructure in his paper "Suggestions to Help Companies with the Fight Against Targeted Attacks."

[2] Trend Micro Incorporated. (2013). TrendLabs Security in Context Paper. Data Exfiltration: How Do Threat Actors Steal Your Data? Last accessed October 2, 2013, http://aboutthreats.trendmicro.com/cloud-content/us/entprimers/pdf/how_do_threat_actors_steal_your_data.pdf
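As an added example (not from the paper or from Trend Micro), the following Python script turns the segmentation and log-analysis guidance above into detection logic: it checks constructed logon records against an assumed segment policy and flags any account that reaches many distinct hosts within a short window, the pattern of a stolen credential being used to move from one computer to another. The log format, segment ranges, permitted flows, user names and host names are all assumptions made for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon log (not from the paper): ts user src_host src_ip dst_host dst_ip
SAMPLE_LOG = """\
2013-09-30T09:01:10 jdoe WS-014 10.10.1.14 FILE-01 10.20.0.5
2013-09-30T09:02:40 jdoe WS-014 10.10.1.14 FILE-02 10.20.0.6
2013-09-30T09:03:05 jdoe WS-014 10.10.1.14 DB-01 10.30.0.9
2013-09-30T09:05:12 jdoe WS-014 10.10.1.14 DC-01 10.30.0.2
2013-09-30T10:15:00 asmith WS-022 10.10.1.22 FILE-01 10.20.0.5
"""
# Assumed segment plan (firewalled segments, as the paper describes) and permitted cross-segment flows.
SEGMENTS = {"workstations": ipaddress.ip_network("10.10.0.0/16"),
            "file-servers": ipaddress.ip_network("10.20.0.0/16"),
            "restricted": ipaddress.ip_network("10.30.0.0/16")}  # databases, domain controllers
ALLOWED_FLOWS = {("workstations", "file-servers")}  # traffic inside one segment is always allowed

def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, user, src_host, src_ip, dst_host, dst_ip = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "src_host": src_host,
                       "dst_host": dst_host, "src_ip": ipaddress.ip_address(src_ip),
                       "dst_ip": ipaddress.ip_address(dst_ip)})
    return events

def segment_of(ip):
    return next((name for name, net in SEGMENTS.items() if ip in net), "unknown")

def segment_violations(events):
    """Logons that cross a segment boundary the policy does not permit."""
    flows = ((e, segment_of(e["src_ip"]), segment_of(e["dst_ip"])) for e in events)
    return [(e["user"], e["src_host"], e["dst_host"]) for e, src, dst in flows
            if src != dst and (src, dst) not in ALLOWED_FLOWS]

def fan_out_alerts(events, window=timedelta(minutes=10), threshold=4):
    """Accounts reaching >= threshold distinct hosts inside one sliding window (credential reuse)."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)
    alerts = {}
    for user, evs in by_user.items():
        for i, first in enumerate(evs):
            hosts = {x["dst_host"] for x in evs[i:] if x["ts"] - first["ts"] <= window}
            if len(hosts) >= threshold:
                alerts[user] = max(alerts.get(user, 0), len(hosts))
    return alerts
```

On the sample data, jdoe's logons into the restricted segment are reported as policy violations and the same account trips the fan-out alert, while asmith's single file-server logon is silent.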

TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice. Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes. Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an as is condition. 
Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Our innovative security solutions for consumers, businesses and governments protect information on mobile devices, endpoints, gateways, servers and the cloud. For more information, visit www.trendmicro.com 2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.