Tag Archives: APT

7 Lessons: Surviving A Zero-Day Attack

When Pacific Northwest National Laboratory detected a cyber attack–actually two of them–against its tech infrastructure in July, the lab acted quickly to root out the exploits and secure its network. PNNL then did something few other cyber attack victims have been willing to do. It decided to talk openly about what happened.

Their seven lessons learned are well worth examining – particularly the lesson about locating and purging legacy systems, rather than simply leaving them running and available for exploit.

via 7 Lessons: Surviving A Zero-Day Attack – Security – Attacks/breaches – Informationweek.

Black Hat: Targeted network security attacks beating forensics efforts

Do you notice when things change… slowly?

LAS VEGAS — Two researchers peeled back the curtain on targeted malware today at the Black Hat Briefings, demonstrating examples of attacks that relied on a variety of hacks, ranging from zero-day PDF attacks to memory-based rootkits. In each of the four examples, the attack was specially crafted to beat the target company, and new layers of functionality were added to the malware to either beat detection protections already in place, or frustrate network security forensics investigators.

“Customization of malware is the key,” said one of the presenters, Nick Percoco, senior VP at Trustwave’s SpiderLabs, the Chicago-based forensic company’s security research arm. “Also, slow and steady wins the race for today’s attackers. They’re not in it for quick and dirty hacks. Persistency is the key; they have to get in and maintain the attack,” Percoco said.

Targeted, persistent attacks have been prominent this year, starting with Google’s admission that it, along with more than 30 other technology companies, large enterprises and defense contractors, had been infiltrated by attackers from China using sophisticated attacks to quietly siphon sensitive data. The attacks also introduced APT, or advanced persistent threat, into the security lexicon.

While targeting may be gaining more prominence, the means by which attackers are getting into enterprises aren’t much different than they were 18 months ago. Keyloggers, network sniffers and memory-dumping rootkits are still in vogue; the newness is in the way attackers are covering their tracks in order to maintain a persistent presence inside an organization.

via Black Hat: Targeted network security attacks beating forensics efforts.