Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Report reveals ease of execution of some APTs

Imperva : 13 May, 2014  (Technical Article)
Imperva intelligence report on the non-advanced persistent threat provides insight into some of the techniques used for APT execution
Report reveals ease of execution of some APTs

Imperva has released its April Hacker Intelligence Initiative report, "The Non-Advanced Persistent Threat." The report presents an in-depth view of how some techniques attributed to so-called Advanced Persistent Threats (APTs) require only basic technical skills. The report exposes simple ways that attackers are obtaining access privileges and accessing protected data by targeting weaknesses of the Microsoft NTLM protocol using nothing more than knowledge of common Windows protocols, basic social engineering, and readily available software.

"As our research team reveals in our Hacker Intelligence Initiative Report, some APTs are relatively simple to execute,” said Amichai Shulman, CTO of Imperva. “There needs to be a fundamental shift in how we view APTs and how we protect against them. These types of attacks are difficult to prevent and our report shows that they can be conducted relatively easily. In order to mitigate damage, security teams need to understand how to protect critical data assets once intruders have already gained access.”

The report focuses on the phases of escalating privileges and collecting information, showing how attackers achieve their goals without resorting to zero-day vulnerabilities or sophisticated exploits. This research examines how attacks target commonly known weaknesses in the Windows NTLM protocol, a standard Microsoft authentication protocol. This protocol, while considered weak, is still widely used in corporate environments. The research then shows how attackers can exploit these vulnerabilities to expand their reach within a target organization and access critical data assets. Finally, the report details how organizations can protect themselves and their most sensitive data against the outcomes of such attacks.

Key findings from the report:

* Data breaches commonly associated with APT can be achieved by relatively simple (and commonly available) means, using basic technical skills.
* Built-in Windows functionality, combined with seemingly “innocent” file shares and SharePoint sites, can provide attackers with an entry-point to accessing an organization’s most critical data.
* A mitigation strategy should be implemented that focuses on monitoring the authentication process itself and data access patterns, in addition to tailoring authorization mechanisms for increased security.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo