The Danger of Compromise

What happens when APTs advance to lateral movement inside target networks? They use a variety of tools and legitimate computer features to gain higher access privileges. The deeper advanced persistent threats (APTs) are in the network, the harder it is to detect them.

1 in 5 enterprises say they experienced an APT attack.

[Diagram: Command & Control, Lateral Movement, extent of impact]

Lateral Movement Tactics

After they gather information, gain entry, and establish command-and-control inside a target network, APTs move laterally to exfiltrate sensitive data.

Reconnaissance
Gather inside information to move freely in the network.
- Netstat: gets connection information
- ZXPortMap / ZXProxy: redirects/hides traffic
- Port scanning: checks open ports

Credentials Stealing
Steal legitimate credentials to hack into other computers.
- Hooking: intercepts and records passwords
- Keylogger: records computer strokes
- ARP spoofing: sniffs on computer interactions
- Hash dumping: collects hash values of passwords

Computer Intrusions
Attack other computers using access with higher privileges.
- AT (command): schedules tasks on remote system
- PsExec: launches program on remote
- WMI: collects data and performs operations remotely
- Remote Desktop: accesses computers over networks

447 US companies were breached in 2012.
600M records were compromised by security breaches.
83% of consumers believe organizations that fail to protect their personal information are untrustworthy.
US$ 300K is the average cost of a single, successful cyber attack.

Fighting Back
- Remove local administrator rights
- Apply application control
- Track malicious patterns
- Use security information and event management (SIEM)
- Adapt a custom defense solution

Sources: http://www.isaca.org | http://www.idtheftcenter.org | http://www.privacyrights.org | http://public.dhe.ibm.com | http://www.zdnet.com | http://www.experian.com

Created by: TrendLabs, Global Technical Support & R&D Center of Trend Micro

shared by TrendMicro on Jul 23
As threat actors move deeper into the network, their movements and methods become difficult to detect, especially when they utilize tools also used by IT administrators. What does happen when APTs move...

Publisher

Trend Micro

Designer

Trend Micro

Category

Technology