Advanced Persistent Threat Hacking (APT) Introduction
Uploaded by IndebtedOwl
Summary
This document provides an introduction to Advanced Persistent Threat (APT) hacking. It explains the different types of attackers, their motivations, and their attack capabilities. It also explores related security concepts, such as threat capabilities and the psychology of cyber insecurity.
Full Transcript
ADVANCED PERSISTENT THREAT HACKING (APT)

Introduction – Part One

When you decided to use the Internet, you joined a war
- In the past a bank had to worry about physical security threats and tangible people. Nowadays, banks are being attacked by intruders from countries with unfamiliar names who use attacks that exist only digitally.
- Countries' laws are struggling to deal with the constant barrage of foreign attackers.
- The Internet makes it possible for an attacker to appear to originate from any country he wishes.
- In the modern digital era, everyone connected to the Internet, businesses and home users alike, is under constant attack.
- Most times, the people compromised are just random victims of criminals who want to steal as much data as possible, package it up, and sell it to the highest bidder.

FACTS
- Your computer resources are still valuable to an attacker.
- A compromised computer represents another processor to attempt to crack passwords, another machine to send spam e-mail, or another host to help knock down a target in a distributed denial of service (DDoS) attack.
- The world has become a playground for anyone who understands technology and is willing to bend the rules.
- We live in an age where anything is possible.
- In Chapter 2, you will see real-world examples that are interesting and enlightening.
- We are reminded on an almost daily basis of the struggles of corporations by headlines alerting us to the latest breach.
- Major infrastructure has been called "indefensible".
- Want to know where your celebrity crush will be this weekend? I will just hack her e-mail account and meet her there.
- Want to know what product your competitors are developing for next year? I will just hack their network and check out the blueprints.
- Did someone make you angry? I will just hack their computer and donate every cent they have to charity.
- Cannot afford to get into the hottest clubs? I will just hack them and add myself to the VIP list.
- This is only the tip of the iceberg.
- In the digital dimension, the only limits come from your own imagination.
- The threat is much more real than you think, and it is only getting worse.
- The cold, hard truth is that at this very moment, regardless of the defense you have in place, I can get access to any and all of your private data.

Defining the Threat
- Motives + Capabilities = Threat Class
- Threat Class + History = Threat

Attacker Motives
- Hackers: motivated by curiosity and intellectual challenges.
- Cyber criminals: motivated to make quick and easy money through the use of cyber-tactics, primarily on the Internet (e.g. scams through e-mails).
- Hacktivists: motivated by a political agenda; hackers for a cause.
- Hacking groups: motivated to gain fame and recognition and to push an agenda.
- Nation-states: motivated by national security and a political/national agenda.
- Organized crime: motivated to make money by utilizing technologically gifted individuals.
- Techno-criminals: motivated to make money through the use of technology; think of them as technologically enabled con men (e.g. credit card skimmers).

Threat Capabilities
- Unsophisticated Threat (UT)
- Unsophisticated Persistent Threat (UPT)
- Smart Threat (ST)
- Smart Persistent Threat (SPT)
- Advanced Threat (AT)
- Advanced Persistent Threat (APT)
- The APT has the most advanced skill set of all.

UT & UPT
- A UT can focus on specific threats. They use point-and-click tools to execute a specific attack, and require virtually no skill.
- A UPT will use the same methods and have virtually the same skill set as a UT, but will focus their efforts more on a specific target.

ST & SPT
- STs represent a class of attackers with good technological skills; if the attack does not work, they move on to a different target.
- SPTs represent a class of attackers with good technological skills who have a wide range of attack vectors to choose from. They will strategically choose the method that works best for the target organization.

AT & APT
- AT attackers have: a big-picture/strategic way of thinking; a systematic/military approach to attacks; a preference for anonymity; a selection of attacks from a larger pool.
- An APT is a threat with advanced capabilities that focuses on compromising a specific target. The attacker will persist against the specific target of interest until he or she achieves the goal.
- The two most likely attackers are nation-states and organized crime.

Goals of APT
- Stealing intellectual property (corporate espionage)
- Stealing private data (insider trading, blackmail, espionage)
- Stealing money (electronically transferring funds, stealing ATM credentials, etc.)
- Stealing government secrets (spying, espionage, etc.)
- Political or activist motives

Threat Class
- Motives + Capabilities = Threat Class
- Hackers + UT = Unsophisticated Hacker
- Nation-states + APT = Advanced Persistent Nation
- Nation-states + UT = Unsophisticated Nation
- Techno-criminals + ST = Smart Techno-criminals

Introduction – Part Two

APT Hacker: The New Black
- The APT hacker is a single individual with an advanced skill set and methodology, which gives them the ability to target and compromise any organization they choose, gaining access to any desired assets.
- APT hackers do exist within groups and will continue to be recruited by nation-states and organized crime.
- Likewise, it is completely feasible that a collective group of smart hackers could prove to be just as effective as a single APT hacker.

Targeted Organizations
- No organization, small or big, is safe from the APT hacker.
- Every organization, such as government, military agencies, defense contractors, banks, financial firms, utility providers, etc., can be compromised.
- Small organizations with small budgets are the most vulnerable.
- Hackers can stay undetected within a small organization for a long time.

Construct of Our Demise
- Seriously? Can any organization be hacked? YES
- Any? Even the most secure environment? YES
- But seriously, any organization, regardless of industry? YES
- And it does not matter what defense they have in place? YES
- Of course, the defense matters. It just may make it more difficult, but not impossible.

The Impact of the Youth
- The Internet and modern digital technology in general have not been around for a long time.
- 1993 is the official year the World Wide Web was born.
- Laws were catching up, but technology keeps changing and laws are slow to develop.
- Defenses against cyber attacks are not catching up with advanced hacking techniques, and this is a major consideration in cyber security.

The Economics of (In)security
- The truth in this technological war is that you simply cannot afford to prevent a successful attack from an APT hacker; actually, it is impossible.
- The mathematics behind risk management simply breaks apart when accounting for an APT hacker.
- It is too expensive for an organization to defend against an APT hacker.
- Current protection technologies, although very expensive, cannot prevent a successful attack coming from an APT.

Security vs. Risk Management
- Many people, including experts in IT, confuse security and risk management.
- Businesses must perform risk management to minimize the risk of doing business to an acceptable level.
- Processes like patch management, vulnerability management, system hardening, and incident response are no-brainers for reducing risk, but essentially a business cannot remove all the risk from technology.
- Technology is an essential part of every business today.
- Businesses simply cannot spend enough money to defend against APT hackers in an effective or foolproof way.
- A business may remove certain attack paths and vulnerabilities, but will never be able to remove all the attack vectors that an APT hacker can use.

Inverted Risk and ROI
- The fact is that the risks are greatly reduced for cyber criminals compared to traditional criminals.
- The money made compared to the time invested is far greater for cyber criminals.
- A bank cyber attacker using the Internet is hardly at physical risk of being captured, or even found.
- The fact, then, is that the return for time invested, as well as the risks involved, are greatly in favor of the cyber criminal.

A Numbers Game
- A very clear advantage that an attacker has against defenders lies in the sheer number of items a defender needs to juggle.
- A defender must fix at least every vulnerability that an attacker can use to compromise a system.
- An attacker needs to find only one exploitable vulnerability or path to win the battle.
- Businesses must concern themselves with many factors, such as patch management, vulnerability management, server hardening, and security awareness training.
- But the APT hacker is only concerned with the one ball that has been dropped.

Time is Not Your Friend
- You may be SECURE today, but in 24 hours a new vulnerability could manifest itself that makes you very vulnerable and an easy target to compromise.
- A patch might be found to fix the vulnerability, but in a short time another vulnerability is found, and thus your system becomes insecure again.
- Hackers will find the gap between a fix patch and a new vulnerability, and attack.
- The attacker always searches for new vulnerabilities in the system and looks for zero-day vulnerabilities.

Psychology of (In)security
- Lack of concern toward security.
- Lack of patching vulnerabilities and updating systems.
- Lack of awareness and understanding of the risk that a lack of security brings.
- Weakness in installing proper security methods and updating firewalls and anti-virus software.
- Simply not caring about or paying attention to the risk of cyber attacks.

Ambiguous Causality
- This concerns cause and effect: few people understand the relationship between computer security and, for example, credit card identity theft.
- Most people do not understand why and how they were compromised in the first place, because they do not understand the technology well.
- As an example, if a user clicks on an e-mail link and the computer is compromised, by the time they find out or understand what happened, it is too late.
- The damage is done, and by the time he or she finds out, which is too late, the relationship between cause and effect has become ambiguous.

Offensive Thinking vs. Defensive Thinking
- Defensive thinking appears to follow a narrow and traditional process for handling security.
- Attackers take a much more liberal and outside-the-box approach to problems.
- The defensive personnel are less intelligent than offensive attackers.
- Defense is more reactionary.
- Attackers will always have the upper hand because they can innovate in a fundamentally different and faster way.
- Many organizations do not think like attackers, and this is the problem.

The Big Picture
- Companies create hardware and software as fast as possible to make money, increase market share, and beat their competitors.
- The current and future technologies on which society depends have become the liability of today, and there are risks associated with them.
- The power grid, emergency response systems, and payment and banking systems are in virtually every part of our lives. They rely on a complex network of computer systems that can be vulnerable to cyber attacks.

Guerrilla Warfare
- Organizations are large and not mobile, the opposite of hackers, who are mobile and hard to catch.
- APT attackers utilize guerrilla warfare tactics, which require mobility rather than staying stationary.
- Anonymous attackers always have the upper hand.
- Attackers can innovate and use exploits that defenders are unaware of.
- Defenders can then be slow to discover, analyze, and come up with corrective measures for these exploits.

The Vulnerability of Complexity
- The more complex the system, the more vulnerabilities there are.
- Microsoft Windows 7, without any extra software installed, has about 50 million lines of code. This means there are roughly 50,000 vulnerabilities in Windows; this is what an attacker needs to exploit, and that is enough even at a lower percentage.
- Think of all the systems in place besides the operating system, such as banking systems, power and utility systems, and network systems. They are built in the same way, with similar vulnerabilities, and then they are all networked together.

The Weaponizing of Software
- Turning software into offensive tools that can be used by people with little to no understanding of the underlying technology. Like a gun, you do not need to understand how it is made, but you know how to use it.
- They are developed by commercial and professional audiences.
- They are developed specifically for criminals: rootkit development kits, web exploit packs, botnets for rent, zero-day exploits and more.
- They require minimal to no programming knowledge.
- Virus and rootkit frameworks allow attackers to create a customized virus with minimal time and effort, using only the functionality the attacker requires. Some of the kits even include specialized delivery methods.