Hacker Intelligence Initiative
The Non-Advanced Persistent Threat

1. Executive Summary

Advanced Persistent Threat (APT) is a name given to attacks that specifically and persistently target an entity. The security community views this type of attack as a complex, sophisticated cyber-attack that can last months or even years. The skill and scope required to instigate an attack of this magnitude and sophistication are believed to be beyond the reach of individual hackers. Therefore, APT is generally attributed to governments, hacktivists, and cybercriminals.

Despite these common perceptions (see Wikipedia), our labs discovered that some techniques attributed to APT require only basic skills. For example, there are simple ways to accumulate access privileges by attacking common Windows protocols. To provide evidence of this, the attacks we examined targeted commonly known, inherent weaknesses of the Microsoft NTLM protocol, and leveraged basic social engineering, Windows skills, and readily available software.

In this report, we focus on the phases of escalating privileges and collecting information. We expose some powerful, yet extremely simple techniques that allow attackers to efficiently expand their reach within an infected organization. We show how attackers achieve their goals without resorting to zero-day vulnerabilities and sophisticated exploits, and how organizations can protect themselves against the outcomes of such attacks.

The target of the attack we analyze in our report is the enterprise’s confidential information stored on file servers, Microsoft SharePoint, or database servers. Confidential information may include intellectual property, deal data, source code, payment card information, personal information, trade secrets, research data, financial secrets, etc.

As we show in our report, some APTs are relatively simple to carry out. There needs to be a fundamental shift in how security teams approach protecting against them. Security teams need to change their paradigm from absolute prevention of intrusion to focusing on what they need to do to protect their critical data assets once intruders have gained access to their infrastructure. Organizations should also shift their practice from absolute reliance on access control measures, to abuse detection mechanisms.

1.1 Key Findings
1