Malware. Stopping cyberattacks. Sponsored by



Similar documents
Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Spear Phishing Attacks Why They are Successful and How to Stop Them

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY

SPEAR-PHISHING ATTACKS

How We're Getting Creamed

WRITTEN TESTIMONY OF

CYBER SECURITY THREAT REPORT Q1

Fighting Advanced Threats

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Trends in Advanced Threat Protection

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

The Mile High Denver Chapter of ARMA welcomes you to our virtual meeting!

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

RETHINKING CYBER SECURITY

2012 Bit9 Cyber Security Research Report

RETHINKING CYBER SECURITY

Defending Against. Phishing Attacks

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Advanced Persistent. From FUD to Facts. A Websense Brief By Patrick Murray, Senior Director of Product Management

Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance

When less is more (Spear-Phishing and Other Methods to Steal Data) Alexander Raczyński

Developing Secure Software in the Age of Advanced Persistent Threats

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks

When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst

Is security awareness a waste of time?

Cyber Security Strategies for the Small Business Market

Cyber Security Strategies for the Small Business Market

Advanced & Persistent Threat Analysis - I

The Federal CISO Dilemma. You have to do FISMA. You must defend against cyber threats.

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT

Reducing the Cost and Complexity of Web Vulnerability Management

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

FERPA: Data & Transport Security Best Practices

SPEAR PHISHING UNDERSTANDING THE THREAT

Corporate Spying An Overview

Table of Contents. Page 2/13

Perspectives on Cybersecurity in Healthcare June 2015

CyberArk Privileged Threat Analytics. Solution Brief

Advanced Analytics For Real-Time Incident Response A REVIEW OF THREE KNOWN CASES AND THE IMPACT OF INVESTIGATIVE ANALYTICS

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Comprehensive Advanced Threat Defense

INDUSTRY OVERVIEW: HEALTHCARE

KEY STEPS FOLLOWING A DATA BREACH

The Custom Defense Against Targeted Attacks. A Trend Micro White Paper

Catch Me If You Can. How to Prevent More of the Same Attacks to the Retail Sector. Abstract. Common Attack Characteristics RETAIL WHITE PAPER

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C

The Next Generation IPS

Protecting Your Organisation from Targeted Cyber Intrusion

PUBLIC SAFETY CYBER SECURITY

Breach Found. Did It Hurt?

APT Advanced Persistent Threat Time to rethink?

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Internet threats: steps to security for your small business

INDUSTRY OVERVIEW: FINANCIAL

A Case for Managed Security

The Impact of Cybercrime on Business

GOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS. Joe Goldberg. Splunk. Session ID: SPO-W09 Session Classification: Intermediate

How-To Guide: Cyber Security. Content Provided by

Incident Response. Six Best Practices for Managing Cyber Breaches.

Advanced Threat Protection with Dell SecureWorks Security Services

Persistence Mechanisms as Indicators of Compromise

Cybersecurity and internal audit. August 15, 2014

Presented by: Mike Morris and Jim Rumph

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Getting real about cyber threats: where are you headed?

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

Advanced Persistent Threats

The Hillstone and Trend Micro Joint Solution

What s Lurking in Your Network & The Business Impact of Data Breaches. Colby Clark Director of Incident Management FishNet Security

Beyond the Hype: Advanced Persistent Threats

Incident Response 101: You ve been hacked, now what?

Property of Secure Network Technologies-Do Not Distribute or Post Without Written Permission-Copyrights and Trademark Apply

CISO Guide to Next Generation Threats

Advanced Persistent Threats

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

After the Attack. The Transformation of EMC Security Operations

Topic 1 Lesson 1: Importance of network security

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Advanced Security Methods for efraud and Messaging

Data Breach Lessons Learned. June 11, 2015

43% Figure 1: Targeted Attack Campaign Diagram

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?

900 Walt Whitman Road, Suite 304 Melville, NY Office:

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Breaking the Cyber Attack Lifecycle

What SMBs Don t Know Can Hurt Them Perceptions vs. Reality in the New Cyber Threat Landscape

Finding Security in the Cloud

Transcription:

Stopping cyberattacks Sponsored by

APT to attack Every organization that maintains intellectual property should be aware of advanced persistent threats, reports Angela Moscaritolo. It would come as no surprise to experts at defense contractor Northrop Grumman that students at a foreign university might be given the assignment to break into government or corporate networks. After all, these days state-sponsored hackers around the world are launching increasing numbers of cyberattacks against the U.S. military, government and corporations to obtain valuable intellectual property, says Timothy McKnight, vice president and chief information security officer at Northrop Grumman. Most cyberattacks can be fought off with good defense-in-depth security measures, McKnight says. However, a small percentage are tough to stop even with the best security technologies and practices in place. Holding an elite spot at the top of the long list of today s hacking techniques is the advanced persistent threat (APT). It s a name given to attacks that use customized malware to exploit zero-day vulnerabilities. This allows the bad guys to surreptitiously break into computer networks with the goal of stealing trade secrets and gaining continued intelligence about victims. This isn t just hacking for fun, McKnight says. This is hacking for financial, military or nation-state gain. Plus, the APT is not just a single cyberattack, says Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham (UAB). Rather, it s a series of attacks against many points in an organization. Each attack might gather a little bit of information, Warner says. The idea is, if you discover one, I might have 20 more in place. They might not even be active. Stages of attack While each APT attack is unique, many follow a common formula, according to Mandiant s M-Trends report on APT attacks, released in January. Before launching the attack, cybercriminals carry out a reconnaissance effort to identify key individuals within an organization to target, according to the Washington, D.C.-based security firm, which provides cyberattack response services. Using social networking sites and other publicly available information, attackers gather personal information about their targets and plan the hit. APT intruders use a range of techniques to gain initial access into a corporate network. The most common method of entry is to launch a spear phishing attack which entices victims through social engineering strategies sent out via email to install malware on a user s system. The malware used in APT attacks is often a one-off version, never to be seen again after it s used against its intended target, says Chenxi Wang, principal analyst at Forrester Research. By the time the malware is discovered and security companies have created a signature to protect users from it, the signature is already useless because that version of the malware is generally never used a second time. Because of its nature of being a specially crafted message, it s very difficult to catch, Wang says. In fact, according to Mandiant, just 24 percent of all APT malware is detected by anti-virus software. Further, once the network has been successfully infiltrated, APT attackers steal domain administrative credentials, which are used to impersonate legitimate users and install multiple backdoors throughout the network. These backdoors give attackers a stronger foothold in the environment and a reliable way to get back in. Subsequently, by masquerading as legitimate users, attackers can move laterally 24% of overall APT malware is detected by anti-virus tools 2

through a compromised network and are essentially able to hide in plain sight, says Michael Malin, executive vice president of Mandiant. Attackers then obtain valid user credentials for additional company systems, such as those used by the human resources and financial departments. On average, APT attackers access 40 different systems on a victimized organization s network, the majority of which are broken into using valid credentials, according to the Mandiant report. Once intruders have penetrated an organization s systems, they plant various utilities to capture data, including programs that steal emails, list running processes and install dormant executables or additional backdoors. Stolen data is then exfiltrated from the compromised network to the attacker s remote command and control (C2) servers (see graph below). At that point, APT intruders seek to maintain their persistence in the network for as long as possible and can efficiently respond to the organization s efforts to remediate the compromise. In one way, the APT is like the boogeyman it could be anywhere, says UAB s Warner. It defies traditional information security products. Victims and perpetrators A group of cybercriminals using APT tactics recently managed to plant customized malware on several U.S. government computers, adds Warner. The attack started with a spearphishing email that was sent to a number of federal employees who attackers handpicked knowing those individuals would be accustomed to receiving such a message. Recipients were told to follow a link included in the email to access a report that pertained to their job. The link, instead, directed users to a unique piece of malware that had never been used against the masses before, Warner says. A later investigation revealed that the malware was detected by just two of the top 43 antivirus tools. Several government employees were fooled by the legitimate-looking message and clicked on the link. With that, their computers were compromised. was installed that was crafted to scan compromised machines for Microsoft Word documents and send them via file transfer protocol (FTP) to the attackers computers. Warner could not disclose any other details of the attack, but said it wasn t an isolated incident. The U.S. government has been the victim of several other cyberattacks this year that were equally surreptitious, he said. APT is not just a government problem, though, adds Warner. Every organization that maintains intellectual property could be at risk of APT. We see these attacks constantly, says George Kurtz, CTO at McAfee, who classified Operation Aurora, which recently targeted Google and 30 other corporations, as an APT attack. I certainly think that these attackers have footholds in not only government, but also in corporate America. It is difficult to determine the origin of these cyberattacks since hackers are expert at concealing their physical location, but there have been reports that APT-style attacks have emanated from many countries, including Russia, Iran, Israel and France. However, some experts say there is reason to believe a majority of APT attacks are linked to China. For example, through its investigations into a number of APT attacks, Mandiant researchers discovered that intruders are often interested in obtaining information related to major upcoming U.S./China mergers and acquisitions or corporate business negotiations. Further, a recent report, prepared for Congress by the U.S.-China Economic and Security Review Commission, states that circumstantial and forensic evidence indicates that many of the hacking attempts aimed at the Department of Defense are coming from 76% of overall APT malware is undetected by anti-virus tools 3

the Chinese government and other statesponsored entities. Still, over the past several years, China has made strides in protecting the intellectual property of American companies, U.S. Secretary of Commerce Gary Locke said during a July speech before the U.S.-China Business Council in Beijing. For instance, there has been a marked increase in the number of intellectual property-related criminal prosecutions in China, he said. However, American companies in fields as diverse as energy, technology, entertainment and pharmaceuticals, still lose billions of dollars every year in China from IP theft, Locke said. Thwarting the attack There is no single security technology or practice that will protect organizations from APT attacks, experts say. It s difficult to keep APT out, says Forrester s Wang. My advice is: Don t even try, because you won t succeed. Instead, she says, companies should concentrate their efforts on limiting the damage once an attacker has broken in. The principles of compartmentalization, need-to-know and least privileged access will help to limit exposure and damage. Similarly, UAB s Warner recommends that if they haven t already, organizations must identify and classify all data they maintain and restrict access to sensitive information. Then, actively monitor the points where data can be accessed to determine if inappropriate access has been made. In addition, he recommends that organizations consider implementing customized exfiltration rules that watch all outbound data to determine if it is coming from systems that contain sensitive information. Enterprises that have sound information security management practices should be equipped to deal with this threat, Warner says. Unfortunately, many are not prepared, he adds. We buy something from a vendor and put it on like a Band-Aid and don t have good risk management procedures, he says. This is far more sophisticated and advanced to go through than installing a new anti-virus or patch. Northrop Grumman s McKnight, who was formerly a special agent with the FBI, says that creating organizational awareness about this problem is one of the most important ways to deal with it. We speak to our board about this on a regular basis, he says. In addition, Northrop Grumman has implemented an employee awareness program focused on the APT and likely targets within the organization. As part of the strategy, employees are sent mock spear phishing emails, McKnight says. They are then given immediate feedback and training about cybercriminal tactics that can harm the company. Like many others, McKnight recommends implementing security best practices to prepare and respond to APT attacks. He suggests implementing tactics that include appointing a security leader, such as a CISO or CSO, gaining executive sponsorship, and planning a strategic and tactical approach to companywide IT security. The goal is to get attackers to go elsewhere, McKnight says. You want to improve security to a level that the resources they are applying against you are counterproductive. n 134% increase last year in SQL injection attacks to breach networks 4

Thawte is a leading global Certification Authority. Our SSL and code signing digital certificates are used globally to secure servers, provide data encryption, authenticate users, protect privacy and assure online identifies through stringent authentication and verification processes. Our SSL certificates include Wildcard SSL Certificates, SGC SuperCerts and Extended Validation SSL Certificates. Sponsor Masthead EDITORIAL EDITOR-IN-CHIEF Illena Armstrong illena.armstrong@haymarketmedia.com deputy Editor Dan Kaplan dan.kaplan@haymarketmedia.com managing Editor Greg Masters greg.masters@haymarketmedia.com DESIGN AND PRODUCTION ART DIRECTOR Brian Jackson brian.jackson@haymarketmedia.com Senior Production Krassi Varbanov krassi.varbanov@haymarketmedia.com U.S. SALES Associate Publisher, VP of Sales Gill Torren (646) 638-6008 gill.torren@haymarketmedia.com EASTern REGIOn sales manager Mike Shemesh (646) 638-6016 mike.shemesh@haymarketmedia.com western REGION sales manager Matthew Allington (415) 346-6460 matthew.allington@haymarketmedia.com National inside Sales EXEC. Brittany Thompson (646) 638-6152 brittany.thompson@haymarketmedia.com 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information