Advanced Persistent Threats conference Mile2

Preventing Advanced Persistent Threats, the Future of IT Security Ray Friedman CEO, Mile2

Post on 19-Oct-2014


DESCRIPTION

Raymond Friedman, conference in Mexico, September 2013

TRANSCRIPT

Page 1: Advanced Persistent Threats conference Mile2

Preventing Advanced Persistent Threats, the Future of IT Security

Ray Friedman

CEO, Mile2

Page 2: Advanced Persistent Threats conference Mile2

Discussion Topics

Introduction

What is an APT?

Impact of APT

Verizon Report 2012

97% - 3%

Counter-measures

Penetration testing

User Education

Mile2

Page 3: Advanced Persistent Threats conference Mile2

APTs

Page 4: Advanced Persistent Threats conference Mile2

APT - Persistent

Black Hat Professional

• They are persistent because of their methods

• Tenaciously calculated

• Stealth

• Long term gain

• Financially lucrative reward

VS.

Amateur Kiddy Hacker

• Focuses on short term gain

• Sloppy with their methods

• Usually detected

Page 5: Advanced Persistent Threats conference Mile2

APT - Threat

It’s a threat because the perpetrators have:

• Resources

• Motivation to succeed

• Financial gain is great

• Sizeable financial blow to their competitors

Page 6: Advanced Persistent Threats conference Mile2

Advanced Persistent Threats

APT is characterized as: “slow and low” cyber attacks against servers containing valuable intellectual property.

• Unauthorized software

• Dormant and undetected

• Information is sent remotely to servers

Value of data retrieved by APTs

• Avoid costly research

• Procure sensitive utility/military information

Page 7: Advanced Persistent Threats conference Mile2

APTs

The threats are real because these hackers are just that…

• Advanced

• Persistent

• Threats

Should we be concerned? Does it apply to me?

Page 8: Advanced Persistent Threats conference Mile2

APT - Advanced

Not Hackers – Black hat professionals

Skilled

Resourceful

Sophisticated supporting infrastructure

Intelligently managed

Page 9: Advanced Persistent Threats conference Mile2

APT Life Cycle

Advanced persistent threats create a growing and changing risk to organizations’ financial assets, intellectual property, and reputation by following a continuous process:

Target organizations

Gain foothold in the environment through spear phishing emails.

Use compromised systems

Deploy tools to attack

Cover tracks

Page 10: Advanced Persistent Threats conference Mile2

Verizon Report

Page 11: Advanced Persistent Threats conference Mile2

Verizon Report 2011/2012

• Verizon Data Breach Report: 97% of attacks were avoidable through simple or intermediate controls.

• Over 60% of attacks were targets of opportunity, not APTs.

Page 12: Advanced Persistent Threats conference Mile2

Verizon Case Study 97% - Ignorance is Bliss

• On average, it takes months for a company to become aware that they have been compromised.

• 92% of the incidents were discovered by a third party.

• In most cases, evidence of the intrusion was clearly present in the company's log files.

Page 13: Advanced Persistent Threats conference Mile2

The Real Threat

• Company Technology or Social Engineering?

• Awareness is key

• Repetition is necessary

Page 14: Advanced Persistent Threats conference Mile2

So What is REALITY?

• We have a lot of work to do

• New skills

• New vectors

• Focus on the 97% - basics

Page 15: Advanced Persistent Threats conference Mile2

What is the 3% APT?

• Real Advanced Persistent Threats accounted for only 3% of all the hacks, according to the Verizon report

• Example: Sophisticated Malware Attack

• Remote access backdoors

• Persistent reputation

3%

Page 16: Advanced Persistent Threats conference Mile2

Countermeasures

Page 17: Advanced Persistent Threats conference Mile2

What happens when you are attacked?

Locate the system or systems under attack.

Find and preserve all log files.

Purge and clean the infected network.

Test the entire network for potential future attacks.

If needed, implement new security measures.

Page 18: Advanced Persistent Threats conference Mile2

Penetration Test

Phase 1 Planning & Preparation

Phase 2 Assessment

Phase 3 Report

• Info Gather

• Network Mapping

• Vulnerability ID

• Penetration Testing

• Privilege Escalation

• Enumeration

• Compromise User/Sites

• Maintaining Access

• Cover Tracking

• Clean up

• Reporting

Page 19: Advanced Persistent Threats conference Mile2

What Should You Do Overall?

Verizon Data Breach Report states that we should:

• Eliminate unnecessary data; keep tabs on what’s left

• Ensure essential controls are met

• Assess remote access services

• Test and review web applications

• Audit user accounts and monitor privileged activity

• Monitor event logs

• Examine Payment Mediums / Devices of ATMs

• Educate - Personal

Page 20: Advanced Persistent Threats conference Mile2

Countermeasure: User Education

It is extremely important to inform end-users about the dangers of running software obtained from untrusted sources.

Instead of having users simply read and sign off on the company computer usage policy, actually discuss computer security issues (picking strong passwords, malicious software, etc.) in a face-to-face meeting.

Remember, there is no ‘patch’ for stupidity!

Page 21: Advanced Persistent Threats conference Mile2

Summary

Effective Security is Efficient Security

Most attacks are avoidable

Design, develop, and evaluate your security program continuously

Page 22: Advanced Persistent Threats conference Mile2

Count on Mile2

Mile2 will help you:

• Protect your company, network and system from attacks.

• Protect your intellectual property.

• Enforce acceptable use policies and investigate offenders.

• Learn how to plan, implement, build & maintain a complete security strategy.

• Stay abreast of the most current information and methods relating to IT Security.

• Gain CPE credits: mile2 classes can be submitted to other certification organizations for continuing professional education (CPE) credits.

Page 23: Advanced Persistent Threats conference Mile2

What Makes Mile2 Superior?

• Mile2's famous penetration testing and IT Security training classes have become the de facto standard for the US Military: US Air Force, Marines, Army and National Guard.

• Mile2 has also taught personnel from the United Nations, DND, DOD, NATO, NASA, foreign military and government personnel, and a large number of Fortune 100 companies.

• Traditionally, student participation has also come from a wide spectrum ranging from charities, banking, insurance, health, communications, transport, and law enforcement.

• We practice what we preach!

Page 24: Advanced Persistent Threats conference Mile2

• Mile2 is a certification governing body with certifications not only known globally but also well respected.

• With a Mile2 Cyber Security certification behind your name, you will be recognized!

• You will have the competence to do your job function… Successfully!

Competence

Confidence

Credibility

Page 25: Advanced Persistent Threats conference Mile2

Career Income

Income range: $45,000 - $131,000

Page 26: Advanced Persistent Threats conference Mile2

Mile2 Course Road Map

Page 27: Advanced Persistent Threats conference Mile2