Advanced Persistent Threats (APTs)

By YGN Ethical Hacker Group -

SomeReal-word Incidents:

http://blogs.rsa.com/rivner/anatomy-of-an-attack/

http://www.scmagazineus.com/ghostnet-spy-network-phishes-international-victims/article/129677

http://www.finextra.com/community/fullblog.aspx?id=3720


Nowadays'Challenge to Cyber Attackers:
  • Network Perimeters are pretty tightened
  • Defense-in-Depth approach in each layer of Network
  • Real time network monitoring, intrusion detection systems

What didCyber Attackers find out?
  • Host-based or Endpoint protection systems usually fail to detect customized or unknown malwares  ; in other words, these systems can be tricked into thinking a malware as innocent ware by repeated trial-n-error testings of binary modification or other means like direct attack to these systems
  • Due to basic security awareness trainings and past common outbreak of virus via unknown emails,  people are ready to skip to mails from unknown senders. Anti-spam security solutions have done a good job in filtering spam/junk mails. 
  • Whatsoever, it is hard to train people to have security-sense awareness for always.

What dowe learn about APTs?
  • Most APTs targets human as the main victim. From it, deeper attack paths are carried out.
  • APTs attacks include spear phishing attack vector as the main successful penetration entry
  • APTs attacks exploit known and unknown vulnerabilities in commonly-used softwares in target Host system.  These softwares  are related to entertainment, office, communications, web  such as media players, office suite, messenger, mail clients, web browsers and their related plugins. (Google Chrome sandbox was broken by iVizSecurity a few months ago)
  • Host-based firewall systems fail to protect due to the reason that the attack is not launched from outside or adjacent hosts
  • Antivirus systems fail to proactively protect APT attack from occurring. We have noticed new ways of bypassing AVs have been popping up after another; some of them are due to flaws in AV software core engine; some are unable to detect specially packed or modified malware agents.

Comments

Post a Comment

Popular posts from this blog

XSS: Gaining access to HttpOnly Cookie in 2012

By YGN Ethical Hacker Group -
Image
Update 2016/02: We were asked by a lot if this still works.  Shortly after our disclosure, this issue has been patched. ------ The Background - The Past Gaining access to  HttpOnly cookie  was first attempted by means of XST,  Cross Site Tracing  vulnerability. Soon after the popularity of XST, the TRACE method has been disabled by most web servers.  Later, browsers' implementation of XMLHttpRequest also blocked "TRACE" method (i.e.  xmlhttp.open('TRACE', url, true) ].  Later,  a flawed implementation in Firefox's  XMLHttpRequest which can be used to access set-cookie response header was fixed.   JS Debugger pointing out "TRACE" method as invalid arugment   JS Debugger pointing out "TRACE" method as illegal value A Sla.ckers.org forum member, LeverOne, posted ways to access HttpOnly cookie through the use of Java API and applet.  I reproduced his techniques. When the first method was tried, the Java Runtime did no
Read more

Jumping out of Touch Screen Kiosks

By YGN Ethical Hacker Group -
Image
Background: Nowadays, the use of large touch screen kiosks has been prevalent.  They are to replace tradition paper-based brochures and to provide more interactive means to consumers. In restaurants, you can see a variety of food menu that can be accessible in large touch screen LCD monitor.  In your local Telcos, you can see a variety of mobile and Internet subscriptions plans.   Behind these touch screen menus are running standalone or browser-mode Adobe Flash applications which are second-to-none for interactivity and scalablity and ease of update. Data could be pulled from somewhere round their centralized web severs. Weakness: Jumping out We cannot use  iKat  at first as we do not have access to any keyboard facility. However, the trick is no-brainer. Do long press on any locations and relieve.  You should see the usual Flash context menu like: Touch "Global Settings".  A web browser window will pop up and redirect to the Adobe URL,  http://www.macromedia.c
Read more