
The Danger of Compromise
THE DANGER OF COMPROMISE WHAT HAPPENS WHEN APTS ADVANCE TO LATERAL MOVEMENT INSIDE TARGET NETWORKS? THEY USE A VARIETY OF TOOLS AND LEGITIMATE COMPUTER FEATURES TO GAIN HIGHER ACCESS PRIVILEGES. THE DEEPER ADVANCED PERSISTENT THREATS (APTS) ARE IN THE NETWORK, THE HARDER IT IS TO DETECT THEM. 1 IN500) ATTACK COMMAND & CONTROL ENTERPRISES SAY THEY EXPERIENCED AN APT LATERAL MOVEMENT -EXTENT OF IMPACT- LATERAL MOVEMENT TACTICS AFTER IT GATHERS INFORMATION, GAINS ENTRY, AND ESTABLISHES COMMAND-AND-CONTROL INSIDE A TARGET NETWORK, APTS MOVE LATERALLY TO EXFILTRATE SENSITIVE DATA. RECONNAISSANCE NETSTAT GETS CONNECTION INFORMATION GATHER INSIDE INFORMATION TO MOVE FREELY IN THE NETWORK ZXPORTMAP I ZXPROXY X PORT SCANNING REDIRECTS/HIDES TRAFFIC CHECKS OPEN PORTS CREDENTIALS STEALING STEAL LEGITIMATE CREDENTIALS TO HACK INTO0 OTHER COMPUTERS * HOOKING * KEYLOGGER INTERCEPTS AND RECORDS PASSWORDS RECORDS COMPUTER STROKES X ARP SPOOFING HASH DUMPING SNIFFS ON COMPUTER INTERACTIONS COLLECTS HASH VALUES OF PASSWORDS COMPUTER INTRUSIONS ATTACK OTHER COMPUTERS USING ACCESS WITH HIGHER PRIVILEGES AT (COMMAND) SCHEDULES TASKS ON REMOTE SYSTEM X PSEXEC LAUNCHES PROGRAM ON REMOTE K WMI X REMOTE DESKTOP COLLECTS DATA AND PERFORMS ACCESSES COMPUTERS OVER NETWORKS OPERATIONS REMOTELY 447 us companies were breached in 2012. 600M records were compromised by security breaches. 83% of consumers believe organizations that fail to protect their personal information are untrustworthy. US$ 300K is the average cost of a single, successful cyber attack. FIGHTING BACK 0101010101 01001010 101 101 010 100 1010101010 USE SECURITY REMOVE LOCAL ADMINISTRATOR APPLY TRACK ADAPT A APPLICATION CONTROL MALICIOUS PATTERNS INFORMATION CUSTOM DEFENSE AND EVENT MANAGEMENT RIGHTS SOLUTION (SIEM) SOURCES: http://www.isaca.org | http://www.idtheftcenter.org | http://www.privacyrights.org| http://public.dhe.ibm.com | http://www.zdnet.com | http://www.experian.com TREND M ICRO Created by: TrendLabs Global Technical Support & R&D Center of TREND MICRO
The Danger of Compromise
Source
http://about...compromiseCategory
TechnologyGet a Quote