Targeted attacks
Data shown in this presentation has been collected from various sources. Our intention is to use the collected information for knowledge-sharing and awareness purposes only.
A targeted attack refers to a type of threat in which threat actors actively
pursue and compromise a target entity's infrastructure while maintaining
anonymity.
When is an attack considered a targeted attack?
• When attackers have a specific target in mind
• The main aim of the targeted attack is to infiltrate the target’s network and steal information from their servers
• The attack is persistent, with the attackers expending considerable effort to ensure the attack continues beyond the initial network penetration and infiltration of data.
Targeting an individual or an organization
Financial Sector
Telecom Sector
Healthcare Sector
Industrial control systems
CEO / CFO / Board Members
:: Targeted Attack CASE STUDY :: Video Demo (Trend Micro)
Source: https://www.youtube.com/watch?v=0hs8rc2u5ak
Stages of targeted attack
Source: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cybercriminals-use-what-works.pdf
Methodology
• Information gathering from various sources (i.e. social media sites, developer sites)
• Target behavioral analysis (what are the target's interests? News, Finance, Politics, Business)
• Social engineering tactics
• Crafted attack
• Lots of “PATIENCE” !!!!
!! Cybercrime Operation !!
!! Targeted Attacks !!
!! Advanced Persistent Threats !!
Are all these the same ??
Case Study :-
https://www.bluecoat.com/security-blog/2015-08-21/tinted-cve-decoy-spearphising-attempt-central-bank-armenia-employees
Case Study : The cybercriminals gathered the email addresses of about 20 employees and sent them emails with malicious PDF or macro-enabled files attached. If a recipient opened the file using Adobe Reader or enabled macros in the Microsoft Office document (i.e. xls, doc, ppt), the exploit code embedded in the document downloaded a Trojan and resulted in “System Compromise”.
Deceive and Infect
• Targeted emails and documents
• Just click the shortcut: the rar/lnk trick
• Right-to-left extension override trick
• Social Networking tricks
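A defender-side check for the file-name tricks listed above (shortcut files, shortcuts packed in archives, right-to-left override characters) and the macro-capable attachments from the case study. This is an added example, not part of the original presentation; the function name, extension lists and sample names are assumptions constructed for illustration.

```python
# Bidirectional embedding/override/isolate characters that change how a name is displayed.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
# Assumed policy lists for this example; adjust to your environment.
RISKY = {
    "shortcut": {"lnk"},
    "executable": {"exe", "scr", "com", "pif", "js", "vbs"},
    "macro-capable-document": {"doc", "xls", "ppt", "docm", "xlsm", "pptm"},
    "archive": {"rar", "zip", "7z"},
}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg"}


def triage_attachment(name, members=()):
    """Return sorted findings for an attachment name and, for archives,
    for the member names listed inside it."""
    findings = set()
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.add("bidi-override")
    # The OS acts on the stored character order, so drop the display
    # controls and read the extension from the real end of the string.
    logical = "".join(ch for ch in name if ch not in BIDI_CONTROLS).lower()
    parts = logical.split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    for label, extensions in RISKY.items():
        if ext in extensions:
            findings.add(label)
    # A harmless-looking extension directly before the real one.
    launchable = RISKY["shortcut"] | RISKY["executable"]
    if len(parts) > 2 and parts[-2] in DECOY and ext in launchable:
        findings.add("double-extension")
    for member in members:
        findings.update("member:" + f for f in triage_attachment(member))
    return sorted(findings)


# Constructed sample names, not taken from any real campaign.
SAMPLES = [
    ("invoice_\u202efdp.exe", ()),          # override character hides the real extension
    ("agenda.pdf.lnk", ()),                 # shortcut dressed as a PDF
    ("minutes.rar", ("minutes.pdf.lnk",)),  # shortcut delivered inside an archive
    ("budget.xls", ()),                     # format that can carry macros
    ("notes.txt", ()),
]

if __name__ == "__main__":
    for name, members in SAMPLES:
        print(repr(name), triage_attachment(name, members))
```

In a mail gateway or EDR pipeline the `members` argument would be filled from the archive's own file listing before the attachment is released to the user.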
CASE STUDY :: Targeting a power company
http://www.techinsider.io/red-team-security-hacking-power-company-2016-4
Worth Watching
Good Movies : BlackHat 2015 (http://www.dailymotion.com/video/x2qjgqc)
Episode Series : Mr. Robot
References :-
APT Archive : https://github.com/kbandla/APTnotes
Example of a multistage attack : https://www.virustotal.com/en/ip-address/61.137.223.48/information/
Shadow Force : http://blog.trendmicro.com/trendlabs-security-intelligence/shadow-force-uses-dll-hijacking-targets-south-korean-company/
ShinoBot : http://www.slideshare.net/Sh1n0g1/introduction-of-shinobot-black-hat-usa-2013-arsenal