Transcript

ONLY A TEST

PROOF OF CONCEPT

APT 18

UNDERMINING SECURITY

THE BAD GUYS HAVE TESTED A POWERFUL PROOF-OF-CONCEPT ATTACK AND PROVEN IT WORKS. WILL YOU BE THE NEXT TARGET?

KEYS & CERTIFICATES: INTRODUCTION

As reported by Time, Bloomberg, and others, the known Chinese cyber-espionage operator APT18 compromised a Fortune 200 American health services organization and stole data on 4.5 million patients.

ATTACK STAGE 1: STOLE PRIVATE KEYS

Attackers used Heartbleed to compromise private keys.

ATTACKERS BYPASSED SECURITY CONTROLS
In addition to Heartbleed, they could have used any of the millions of malware variants that steal keys and certificates to bypass security controls.

ATTACKERS BYPASSED SECURITY CONTROLS
Using compromised keys and certificates.

ATTACK STAGE 2: GAINED ACCESS

THE ATTACKERS BREACHED THE COMPANY
Using stolen private keys and VPN credentials. The private keys were used to decrypt live data.

ATTACKERS BYPASSED SECURITY CONTROLS
Circumventing firewalls, authentication, and other security controls.

ATTACK STAGE 3: EXPANDED FOOTHOLD

ONCE IN, ATTACKERS WORKED TO ELEVATE PRIVILEGES AND EXPAND ACCESS
Stole or created new SSH keys and certificates for future backdoor access and exfiltration of data.

ATTACKERS BYPASSED SECURITY CONTROLS
Including firewall, authentication, VPN and privileged access controls, by using stolen keys and certificates to hide their activity.

ATTACK STAGE 4: EXFILTRATED DATA

THE ATTACKERS EXFILTRATED DATA USING SSL
Most security controls do not conduct SSL inspection or have ALL of the keys necessary to decrypt ALL traffic, leaving a huge blind spot.

ATTACKERS BYPASSED SECURITY CONTROLS
Used encrypted SSL/TLS communications to bypass security controls, including DLP, IDS/IPS, threat detection, sandboxing, etc.

Record fields shown in the graphic: NAME, ID, SSN, ADDRESS

WARNING
APT18's test attack was vastly successful in stealing data by undermining the existing security systems.

What will be their next target? Have you protected your keys and certificates from misuse, such as a Heartbleed compromise, malware, or other exploits?

PROTECT YOUR BUSINESS

1. Secure: Find all keys and certificates

2. Enforce: Apply policies and workflow requirements

3. Detect: Identify changes, misuse, and anomalies

4. Respond: Replace keys and certificates automatically

Learn how to protect your business at www.venafi.com/apt18-attack
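The Secure, Enforce and Detect steps listed on this page, and the stage-3 backdoor (a new SSH key added for later access), as a small host-side script. This is an added example, not the page's or Venafi's code: the directory layout, the policy thresholds (2048-bit RSA minimum, no unencrypted or group/other-readable private keys) and every byte of key material are constructed for illustration and are not real keys.

```python
# Added example, not the page's or Venafi's code; paths, thresholds and key bytes are constructed.
import base64, hashlib, os, re, stat, struct, tempfile

# One PEM block: group 1 is the label ("CERTIFICATE", "RSA PRIVATE KEY", ...), group 2 the body.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# One OpenSSH public-key line: key type, base64 wire blob, optional comment (option prefixes not handled).
SSH_PUB_RE = re.compile(r"^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp\d+) (\S+)(?:[ \t]+(.*))?$", re.M)
MIN_RSA_BITS = 2048  # assumed policy threshold


def fingerprint(raw):
    """OpenSSH-style SHA-256 fingerprint (base64, unpadded) of DER or SSH wire bytes."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")


def ssh_rsa_bits(blob):
    """Modulus size of an ssh-rsa wire blob: string 'ssh-rsa', mpint e, mpint n (RFC 4253 encoding)."""
    fields, off = [], 0
    for _ in range(3):
        (length,) = struct.unpack(">I", blob[off:off + 4])
        fields.append(blob[off + 4:off + 4 + length])
        off += 4 + length
    modulus = fields[2].lstrip(b"\x00")  # mpint prepends 0x00 when the top bit is set
    return (len(modulus) - 1) * 8 + modulus[0].bit_length()


def inventory(root):
    """Secure: walk the tree, fingerprint every PEM block and SSH public key, note the file mode."""
    items = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                text = fh.read().decode("utf-8", "ignore")
            mode = stat.S_IMODE(os.stat(path).st_mode)
            for label, body in PEM_RE.findall(text):
                raw = base64.b64decode("".join(body.split()))
                items.append({"path": path, "kind": label, "fp": fingerprint(raw), "mode": mode,
                              "encrypted": "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body,
                              "bits": None})
            for alg, b64, comment in SSH_PUB_RE.findall(text):
                blob = base64.b64decode(b64)
                items.append({"path": path, "kind": "SSH PUBLIC KEY " + alg, "fp": fingerprint(blob),
                              "mode": mode, "encrypted": False, "comment": comment,
                              "bits": ssh_rsa_bits(blob) if alg == "ssh-rsa" else None})
    return items


def policy_violations(item):
    """Enforce: what the assumed policy rejects for one inventory item."""
    found = []
    if "PRIVATE KEY" in item["kind"]:
        if item["mode"] & (stat.S_IRGRP | stat.S_IROTH):
            found.append("private key readable by group/other")
        if not item["encrypted"]:
            found.append("private key stored unencrypted")
    if item["bits"] is not None and item["bits"] < MIN_RSA_BITS:
        found.append(f"RSA key only {item['bits']} bits")
    return found


def detect_changes(baseline, current):
    """Detect: keys that appeared or vanished since the baseline scan, keyed by (path, fingerprint)."""
    was = {(i["path"], i["fp"]) for i in baseline}
    now = {(i["path"], i["fp"]) for i in current}
    return {"added": [i for i in current if (i["path"], i["fp"]) not in was],
            "removed": [i for i in baseline if (i["path"], i["fp"]) not in now]}


def _ssh_pub_line(alg, *fields, comment):
    """Build an OpenSSH public-key line from wire fields (constructed test data)."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (alg.encode(), *fields))
    return f"{alg} {base64.b64encode(blob).decode()} {comment}"


def build_fixture(root):
    """Constructed host layout: a filler TLS key with lax permissions and one legitimate SSH key."""
    os.makedirs(os.path.join(root, "etc/ssl/private"))
    os.makedirs(os.path.join(root, "home/app/.ssh"))
    key_path = os.path.join(root, "etc/ssl/private/server.key")
    body = base64.b64encode(b"filler, not a real key " * 3).decode()
    with open(key_path, "w") as fh:
        fh.write(f"-----BEGIN PRIVATE KEY-----\n{body}\n-----END PRIVATE KEY-----\n")
    os.chmod(key_path, 0o644)  # the permission mistake the Enforce step should catch
    with open(os.path.join(root, "home/app/.ssh/authorized_keys"), "w") as fh:
        fh.write(_ssh_pub_line("ssh-ed25519", b"\x11" * 32, comment="deploy@build") + "\n")


def plant_backdoor(root):
    """Simulated stage-3 step from the page: the attacker appends their own SSH key (constructed)."""
    e, n = b"\x01\x00\x01", b"\x00\xc3" + b"\x5a" * 127  # 65537 and a 1024-bit filler modulus
    with open(os.path.join(root, "home/app/.ssh/authorized_keys"), "a") as fh:
        fh.write(_ssh_pub_line("ssh-rsa", e, n, comment="backdoor") + "\n")


def demo():
    """Run Secure -> Enforce -> Detect over the fixture and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_fixture(root)
        baseline = inventory(root)
        rel = lambda i: os.path.relpath(i["path"], root).replace(os.sep, "/")
        violations = {rel(i): policy_violations(i) for i in baseline}
        plant_backdoor(root)
        changes = detect_changes(baseline, inventory(root))
        return {"baseline_count": len(baseline), "violations": violations,
                "added": [(rel(i), i["kind"], i["bits"], policy_violations(i)) for i in changes["added"]],
                "removed": len(changes["removed"])}
```

On the fixture, demo() reports the baseline TLS key as both group/other-readable and stored unencrypted, and after the simulated backdoor it reports exactly one added item: a 1024-bit ssh-rsa entry in authorized_keys that also fails the size policy. The Respond step (replacing the affected keys and certificates) is not shown; the returned findings are the input a rotation workflow would act on. In production the baseline would be stored off-host and the walk restricted to known key locations, and the PEM decode would need to tolerate malformed files.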
