
their working methods

Advanced Persistent Threat (APT) attacks are systematically planned and precisely executed. These attacks can be broken down into four stages or phases:

  1.  Incursion
  2.  Discovery
  3.  Capture
  4.  Exfiltration

1: Incursion

In these targeted attacks, the attackers gain entry to the organisation's network. During this phase they make use of SQL injection, zero-day vulnerabilities, social engineering, targeted malicious software (malware), and so on. There is a fundamental difference between a normal attack and an APT: while normal targeted attacks use short-term methods, APTs are designed to run covert operations over a long period of time. Other characteristics of APT incursions are as follows:

  • Reconnaissance: This is an information-gathering phase. APT attacks often involve a large number of researchers who spend months studying their targets and familiarising themselves with the target's systems, people and processes.
  • Social engineering: The incursion phase is often completed through social engineering techniques, such as inducing an employee to open an attachment that appears to come from a trusted source, i.e., a partner or colleague. As in a typical phishing attack, such techniques are often supported by in-depth research on the victim organisation.
  • Zero-day vulnerabilities: Zero-day vulnerabilities are security loopholes in a system of which the developer is not yet aware. An attacker can exploit such a flaw before the developer provides a patch or fix; as a result, the target organisation has zero days to prepare a defence. Since it takes substantial time and effort to discover zero-day vulnerabilities, only the most sophisticated and well-resourced attacker organisations are likely to take advantage of them.

2: Discovery

Once inside the targeted network, the attacker carefully scans the entire network using various hacking tools and techniques, looking for unsecured areas from which sensitive information can be reached, hardware and software vulnerabilities, and exposed credentials of authenticated accounts. All of this is carried out in stealth mode, i.e., secretly.

While performing this phase, attackers mainly focus on the following points:

  • Using multiple vectors, the attacker tries to explore the network.
  • The second goal is "run silent, run deep": to remain in the victim organisation for as long as possible. For this they use Hydraq (Hydraq is a Trojan horse that opens a back door on the compromised computer), i.e., a technique for keeping themselves hidden in the victim network for a longer period.
  • Research and analysis is carried out on the data and information found on systems, such as network topology, user IDs, passwords, etc.
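The discovery phase described above leaves a trace that a defender can look for: one internal source touching many distinct host/port targets in a short time. The following is an added example, not code from the original post, showing a simple sliding-window detector over constructed firewall log lines; the log format (`src=... dst=... dport=... action=...`), the five-minute window and the threshold of ten distinct targets are all assumptions chosen for illustration.

```python
"""Flag internal hosts that contact many distinct targets in a short window."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed log format; real firewall exports differ and need their own regex.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_line(line):
    """Return a dict with timestamp, source and (dst, dport) target, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.fromisoformat(d["ts"]),
        "src": d["src"],
        "target": (d["dst"], int(d["dport"])),
        "action": d["action"],
    }


def detect_scanners(lines, window=timedelta(minutes=5), min_targets=10):
    """Return {src: peak distinct targets} for sources exceeding min_targets
    distinct (dst, dport) pairs inside any sliding window of length `window`."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)

    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        seen = Counter()  # distinct targets currently inside the window
        left = 0
        for ev in events:
            seen[ev["target"]] += 1
            # Slide the left edge forward until the window fits.
            while ev["ts"] - events[left]["ts"] > window:
                old = events[left]["target"]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                left += 1
            if len(seen) >= min_targets:
                flagged[src] = max(flagged.get(src, 0), len(seen))
    return flagged


# Constructed sample log: 10.0.0.9 probes 12 distinct host/port pairs in under
# a minute; 10.0.0.5 repeatedly talks to a single file server.
_BASE = datetime(2024, 1, 10, 2, 0, 0)
SAMPLE_LOG = [
    f"{(_BASE + timedelta(seconds=5 * i)).isoformat()} "
    f"src=10.0.0.9 dst=10.0.1.{4 + i % 3} dport={20 + i} action=deny"
    for i in range(12)
] + [
    f"{(_BASE + timedelta(minutes=m)).isoformat()} "
    f"src=10.0.0.5 dst=10.0.1.20 dport=445 action=allow"
    for m in range(4)
]

if __name__ == "__main__":
    for src, peak in detect_scanners(SAMPLE_LOG).items():
        print(f"possible network discovery from {src}: {peak} distinct targets")
```

The detector counts distinct targets rather than raw connection attempts, so a chatty but legitimate client hitting one server stays below the threshold while a slow, low-volume sweep across many hosts and ports still accumulates. Tune the window and threshold against a baseline of normal traffic before alerting on it.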

3: Capture

In this phase, data is immediately captured from the unprotected systems. Rootkit-like software is secretly installed to capture the data and the flow of instructions within the organisation.

4: Exfiltration

In this phase, once the intruders have gained control over the targeted system, they may proceed with the theft of important data or information. As this is the last phase, the attacker has to transmit the stolen data to a protected home base. For this data transmission they generally use port 443; the traffic resembles an SSL channel but is not truly SSL. Hydraq uses new techniques for sending stolen information back home.
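The point above, that exfiltration traffic on port 443 only resembles SSL, is exactly what a defender can test for: a genuine TLS session on that port begins with a TLS handshake record carrying a ClientHello. The following is an added example, not code from the original post, that checks the first bytes of captured flows against that header layout; the `Flow` structure and the sample payloads are constructed for illustration.

```python
"""Flag port-443 flows whose first bytes are not a TLS ClientHello."""
from dataclasses import dataclass

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: ClientHello
MAX_RECORD = 16384     # TLS limits a plaintext record fragment to 2^14 bytes


@dataclass
class Flow:
    """Assumed minimal flow record: only the first payload bytes are kept."""
    src: str
    dst: str
    dport: int
    first_bytes: bytes


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if payload starts with a TLS record header announcing a ClientHello.

    Layout: type(1) version(2) length(2) handshake_type(1). Only the header is
    inspected, so a truncated capture of a real handshake still passes."""
    if len(payload) < 6:
        return False
    if payload[0] != TLS_HANDSHAKE:
        return False
    # Record-layer version is 0x0300..0x0304 (SSL 3.0 through TLS 1.3 legacy).
    if payload[1] != 0x03 or payload[2] > 0x04:
        return False
    record_len = int.from_bytes(payload[3:5], "big")
    if record_len == 0 or record_len > MAX_RECORD:
        return False
    return payload[5] == CLIENT_HELLO


def suspicious_443_flows(flows):
    """Return flows to port 443 that do not open with a TLS ClientHello."""
    return [
        f for f in flows
        if f.dport == 443 and not looks_like_tls_client_hello(f.first_bytes)
    ]


# Constructed samples: one real-looking TLS 1.2 ClientHello header, one plain
# HTTP POST on 443, one custom binary framing on 443, one HTTP flow on port 80.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443,
         bytes.fromhex("160301005c010000580303") + b"\x00" * 20),
    Flow("10.0.0.7", "203.0.113.22", 443,
         b"POST /upload HTTP/1.1\r\nHost: example.invalid\r\n"),
    Flow("10.0.0.9", "203.0.113.30", 443,
         b"\x00\x00\x00\x2aHDRQ" + b"\x01" * 20),
    Flow("10.0.0.9", "203.0.113.40", 80,
         b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for f in suspicious_443_flows(SAMPLE_FLOWS):
        print(f"non-TLS traffic on 443: {f.src} -> {f.dst}")
```

This header check is cheap enough to run inline on a sensor or over packet captures, and it catches the specific mismatch the post describes (a port chosen to blend in, carrying a protocol that is not what the port implies). It does not inspect what a real TLS session carries, so it complements rather than replaces volume-based or destination-based exfiltration monitoring.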
