APT(ADVANCED PERSISTENT THREATS) & STRATEGIES TO COUNTER APT Avkash Kathiriya Information Security Researcher


AGENDA

• What is APT?

• History of APTs

• Attack Threat types

• Cyber Kill Chain

• Strategy to counter APT

2/28/2016 APT & STRATEGIES TO COUNTER APT BY AVKASH K 2


WHAT IS APT?

• Advanced – Combination of attack methods and tools

• Persistent – Continuous monitoring and interaction

  – “Low-and-slow” approach

• Threat – Attacker is skilled, motivated, organized and well funded


APT is a term coined by the U.S. Air Force in 2006


HISTORY OF APTs


HISTORY OF APT


RECENT PAST OF APT


http://www.theverge.com/2014/11/30/7309375/dvd-rips-of-fury-annie-mr-turner-and-still-alice-hit-the-web

http://www.cnet.com/au/news/how-target-detected-hack-but-failed-to-act-bloomberg/

http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target


ATTACK THREAT TYPES

• Nuisance
  – Attacks are opportunistic
  – Organization is targeted because it is vulnerable

• Insider
  – Trusted insider steals data
  – Difficult to prevent, but detection and attribution are possible

• Hacktivists
  – Motivated by a cause
  – Determined but not always sophisticated

• Financial & Intellectual Property (IP)
  – More sophisticated attacks
  – Typically target information for financial or competitive gain

• State-sponsored
  – Persistent and targeted
  – Attacks continue until targeted data is obtained


CYBER KILL CHAIN


APT IN ACTION


STRATEGIES TO COUNTER APT

No single protection technology is a silver bullet

Since no silver bullet exists to defeat APT, all you need is a strategy to defeat the APT


IT’S ALL ABOUT HUNTING THE “UNKNOWN”


GARTNER FIVE STYLES OF ADVANCED THREAT DEFENSE


SANDBOXING


SANDBOX is a security mechanism for separating running programs
