APT-opoly ♦ From the Bad Guys’ Point-of-View

INITIAL RECON STREET

INTRUSION AVENUE

Choose a target.

Employ social engineering and spear phishing emails to infect network.

Research target’s network infrastructure and employees.

The GhostNet attacks (discovered in 2009) were initiated by spear-phishing emails containing malicious attachments that loaded a Trojan horse on the victim’s system.

Large-Scale Examples

Stuxnet (allegedly launched by U.S. & Israeli interests) was an APT targeting Iran’s nuclear program. Red October stole secrets from government and research organizations from at least 2007 through 2012. By 2012, Eurograbber had stolen an estimated 36 million euro from more than 30,000 customers across Europe.

EXFILTRATION BOULEVARD

Use compromised system to access network remotely.

Create secret backdoors and tunnels within target’s network that will allow stealthy access to infrastructure.

But How Do They Get In?

Attackers can find exploits and vulnerabilities in popular operating systems, browsers, and applications when companies neglect to patch or upgrade their networks and resources in a timely manner. They often employ technically sophisticated criminal hackers who find Zero-Day (previously unknown and unpublished) vulnerabilities.

GAIN ACCESS ROAD

Crack passwords and use exploits to acquire admin privileges to compromised system.

EXPAND & MAINTAIN AVENUE

Extend privileges further over network if possible.

Expand control to other systems and servers. Continue to ensure presence remains undetected and that access rights persist.

Exfiltrate data. Cover tracks to maintain access for future attacks.

FOOTHOLD SQUARE

Attackers control victim networks for an average of one year. The longest time discovered so far was five years.

© THE SECURITY AWARENESS COMPANY

INTERNAL RECON STREET

Collect more information about target’s infrastructure and privacy policies from the inside.
