HII_The_Non-Advanced_Persistent_Threat

《HII_The_Non-Advanced_Persistent_Threat》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、HackerIntelligenceInitiativeTheNon-AdvancedPersistentThreat1.ExecutiveSummaryAdvancedPersistentThreat(APT)isanamegiventoattacksthatspecificallyandpersistentlytargetanentity.Thesecuritycommunityviewsthistypeofattackasacomplex,sophisticatedcyber-attackthatcanlastmonthsorevenyears.Theski

2、llandscoperequiredtoinstigateanattackofthismagnitudeandsophisticationarebelievedtobebeyondthereachofindividualhackers.Therefore,APTisgenerallyattributedtogovernments,hacktivists,andcybercriminals.Despitethesecommonperceptions(seeWikipedia),ourlabsdiscoveredthatsometechniquesattributed

3、toAPTrequireonlybasicskills.Forexample,therearesimplewaystoaccumulateaccessprivilegesbyattackingcommonWindowsprotocols.Toprovideevidenceofthis,theattacksweexaminedtargetedcommonlyknown,inherentweaknessesoftheMicrosoftNTLMprotocol,andleveragedbasicsocialengineering,Windowsskills,andrea

4、dilyavailablesoftware.Inthisreport,wefocusonthephasesofescalatingprivilegesandcollectinginformation.Weexposesomepowerful,yetextremelysimpletechniquesthatallowattackerstoefficientlyexpandtheirreachwithinaninfectedorganization.Weshowhowattackersachievetheirgoalswithoutresortingtozero-da

5、yvulnerabilitiesandsophisticatedexploits,andhoworganizationscanprotectthemselvesagainsttheoutcomesofsuchattacks.Thetargetoftheattackweanalyzeinourreportistheenterprise’sconfidentialinformationstoredonfileservers,MicrosoftSharePoint,ordatabaseservers.Confidentialinformationmayincludein

6、tellectualproperty,dealdata,sourcecode,paymentcardinformation,personalinformation,tradesecrets,researchdata,financialsecrets,etc.Asweshowinourreport,someAPTsarerelativelysimpletocarryout.Thereneedstobeafundamentalshiftinhowsecurityteamsapproachprotectingagainstthem.Securityteamsneedto

7、changetheirparadigmfromabsolutepreventionofintrusiontofocusingonwhattheyneedtodotoprotecttheircriticaldataassetsonceintrudershavegainedaccesstotheirinfrastructure.Organizationsshouldalsoshifttheirpracticefromabsoluterelianceonaccesscontrolmeasures,toabusedetectionmechanisms.1.1KeyFind

8、ings1