Targeted attacks and APTs

Targeted attacks and APTs

 

Modern attacks evolved from “smash-and-grab” methods to elaborate schemes with the goal of maintaining a persistent, long-term presence. Their perpetrators pursue a variety of attack vectors and use a wide array of advanced tools and techniques: stealing credentials, installing malware that erases itself to avoid detection, modifying internal processes and rerouting network data, employing social engineering scams, and targeting employee mobile phones and home devices. Industry reports indicate that some threats can go undetected for about 100 days.

Persistence is a common feature of targeted attacks, focusing on exploiting corporate resources. Traditional malware attacks took the opportunistic approach, targeting a specific technology without much concern about the target. Targeted attacks, also referred to as Advanced Persistent Threats (APTs) are an evolution of espionage to target a specific organization to steal information, modify information, or destroy information or systems. They tend to be technology agnostic as the attackers have the resources and determination to use whatever techniques or technologies work.

An APT typically starts at the outer boundary of a corporate network and might be started with attackers gaining access to a non-privileged account. For instance, the initial attack vector can be an email with a malformed attachment or with a link to a malicious website (exploiting a Java vulnerability for instance), or it can be a USB key left on a parking lot for the victim to discover. From there the attackers extend laterally the scope of their exploit. This process can sometimes take months or longer. Attackers who carry out targeted attacks are most of the time organized and typically have more in-depth knowledge about their target. For instance, they can have a copy of the organization chart gathered via spear-phishing emails.

After the attackers have compromised a non-privileged account, they start their reconnaissance work to explore and categorize corporate resources. Since they are using a legitimate account, this tends to continue undetected, if the attackers stay within certain access patterns that will not trigger an intrusion detection system. A sophisticated APT attack avoids actions like enumeration of users or shares at a large scale – since this would obviously trigger some alarm bells — instead, they proceed with their stealth approach. Attackers are typically aware of what will and will not trigger your intrusion detection system (IDS) and/or intrusion prevention system (IPS). However, the attackers continue mining for privileged credentials and, once they manage to capture them, they proceed to exfiltrate, modify, or delete corporate data and resources.

Recent Articles

How to configure restriction for Users from creation of Office 365 groups, Plans & Microsoft teams.

Connect-AzureAD Create new Security Group "AllowedtoCreateGroups" Get-AzureADGroup -SearchString "AllowedtoCreateGroups" $GroupName = "<SecurityGroupName>" $AllowGroupCreation = "False" Connect-AzureAD $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id if(!$settingsObjectID) { $template = Get-AzureADDirectorySettingTemplate | Where-object...

Attack Simulator for Office 365

Microsoft has released Attack Simulator (currently in Preview) to allow Office 365 Global Administrators to simulate phishing campaigns and other attack simulations. Prerequisites ·       Your organization’s email...

What is Advanced Threat Analytics?

Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber-attacks and insider threats. How ATA...

How to remove Office 365 Groups permanently ?

  Hi Guys, Here is process how to remove office 365 groups or soft deleted groups from your office 365 tenant. Step-1 you need to connect with Azure...

How to solve the issue of guest users access in Office 365 when you applied restriction on office 365 groups creation tenant wide?

Connect-AzureAD via powerShell Run the following command: $template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified"} See if you already have an AzureADDirectorySetting object,...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Stay on op - Ge the daily news in your inbox