Chapter 2 - Part 1: Empirical Data PDF
Document Details
Uploaded by IndebtedOwl
Summary
This document discusses empirical data on how organizations are compromised and the various methods used by attackers. It covers topics like understanding various approaches, implications, current trends of crime in an increasingly technical world, and countermeasures to such schemes.
Full Transcript
Chapter 2 – Part 1
Empirical Data

Introduction
- ATP has an excellent understanding of the Big Picture.
- ATP see how all the pieces add up to create a perfect path for compromising a target organization.
- Organizations also need to understand, from the Big Picture, how their environments have been compromised, through empirical knowledge.
- This chapter gives a few empirical examples, but they are only a few of many.
- There are many assumptions as to what happened in these examples of compromise, hacking and counter-hacking; however, they are close to the facts.
- The example data is compiled from:
  - News stories
  - Data dumps from attackers
  - Data from talented security researchers and organizations that compile and report on data breaches

The Problem with Our Data Set
- Many compromised organizations and breaches are never reported, or only limited information is available.
- Not all compromises are discovered.
- Not all of the discovered compromises are reported.
- Not all the facts of any specific compromise are always uncovered.
- Some facts released may be misleading or even incorrect.
- ATP have always preferred, and will always prefer, to use extremely stealthy methods when compromising targets.
- An ATP hacker will avoid leaving artifacts on compromised systems unless it is absolutely necessary to maintain access to the target organization.
- Even when a compromise is discovered, many organizations choose not to report it.
- Organizations may fear bad publicity, a loss of customer confidence, or potential legal action, and choose not to report security incidents.
- Many organizations are now starting to report compromises due to the level of increase, being able to detect them, and feeling more comfortable or more compelled to report them.
- Attackers are constantly changing their strategies and techniques to take advantage of new vulnerabilities and create new attacks.
- Defenders create new defensive technologies to mitigate those attacks.

Techno-Criminals
- Attackers do not possess any serious technical skills but use technology to complement traditional crimes.
- Techno-criminals use technology to commit crimes, as opposed to cyber-criminals, who use computers or the internet.
- Skimmers are physical devices created to steal credit card data by physically swiping a credit card and storing the data on storage internal to the skimmer. See the pictures on pages 32-33 of the book.
- Most of these devices are used by criminals in restaurants, coffee shops, and any other retail establishments where credit cards are used.

Skimmers Evolution
- Now, it is common to see ATM skimmers, which are designed to be placed on top of ATM machines. They are typically placed in front of or on top of the card slot of an ATM.
- New skimmers have the ability to send captured data via text messages or other wireless technologies.
- Many also include extremely small cameras so that the user's PIN data is captured.
- All these technologies can easily be purchased on the internet and in the criminal underground.