Friday, July 8, 2011

Advanced Persistent Threats (APTs)


Some Real-world Incidents:



Today's Challenges for Cyber Attackers:
  • Network perimeters are pretty tight
  • Defense-in-depth approach at each layer of the network
  • Real time network monitoring, intrusion detection systems

What did Cyber Attackers find out?
  • Host-based or endpoint protection systems usually fail to detect customized or unknown malware; in other words, these systems can be tricked into treating malware as harmless software through repeated trial-and-error testing of binary modifications, or by other means such as direct attacks on these systems.
  • Due to basic security awareness training and past outbreaks of viruses spread via emails from unknown senders, people are ready to skip mails from unknown senders. Anti-spam security solutions have done a good job of filtering spam/junk mail.
  • Nevertheless, it is hard to train people to maintain security awareness at all times.

What do we learn about APTs?
  • Most APTs target humans as the main victims. From there, deeper attack paths are carried out.
  • APT attacks use spear phishing as the main successful entry vector for penetration.
  • APT attacks exploit known and unknown vulnerabilities in commonly used software on the target host system. This software is related to entertainment, office, communications, and web use, such as media players, office suites, messengers, mail clients, web browsers and their related plugins. (Google Chrome sandbox was broken by iVizSecurity a few months ago)
  • Host-based firewall systems fail to protect because the attack is not launched from outside or from adjacent hosts.
  • Antivirus systems fail to proactively prevent APT attacks from occurring. We have noticed new ways of bypassing AVs popping up one after another; some of them are due to flaws in the AV software's core engine; others arise because AVs are unable to detect specially packed or modified malware agents.
