Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 1 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

APT tactics often "not sophisticated" say Imperva

by The Gurus
May 6, 2014
in Editor's News
Share on FacebookShare on Twitter

Attackers can obtain access privileges and access protected data by using nothing more than knowledge of common Windows protocols, basic social engineering and readily available software.
 
According to research by Imperva, data breaches that are commonly associated with the “APT” theme are often achieved by relatively simple (and commonly available) means, using basic technical skills.
 
Amichai Shulman, CTO of Imperva, said: “There needs to be a fundamental shift in how we view APTs and how we protect against them. These types of attacks are difficult to prevent and our report shows that they can be conducted relatively easily. In order to mitigate damage, security teams need to understand how to protect critical data assets once intruders have already gained access.”
 
A new research paper from Imperva, “The Non-Advanced Persistent Threat” claims that Advanced Persistent Threats (APTs) require only basic technical skills, it also found that built-in Windows functionality, combined with seemingly “innocent” file shares and SharePoint sites can provide attackers with an entry-point to accessing an organisation’s most critical data.
 
Talking to IT Security Guru, Shulman said that many people consider APTs to be technical and “magic”, and it wanted to show how they are used to take hold of a single foothold in the organisation and spread throughout an organisation.
 
“We are showing that these techniques are actually very simple and not sophisticated, and not resorting to zero-day vulnerabilities, or complex scripts and hacking tactics. The importance of that is once you understand how these techniques work you can put mitigation in place to find them,” he said.
 
“Attackers are using zero-days to get the first foothold into the organisation, but with exploits going out every week it makes it easier, with phishing or drive-by download, so how do they take advantage of it? There are inherent issues with Windows that allows them to do it in a very simple way, and in order to grab the privileges you need to force the victim to login with a compromised machine.”
 
Shulman said that this enabled with a folder with public access and no sensitive data in it, that everyone can access and put stuff in and “poison the well” by adding a file to the folder to link to the compromised machine.”
 
Shulman said that this is enabled with a folder with public access and no sensitive data in it, that everyone can access and put stuff in to “poison the well” by adding a file to the folder, changing an icon to reference a compromised machine.
 
“Once you have done that, everyone browsing that public folder will try to authenticate to the compromised machine. Then you relay the privileges from the internet, which is simple to do without any great hacking skill and grab privileges from everyone in the organisation.”
 
Asked what businesses can do to protect themselves, Shulman said it is more about collecting privileges than hacking, so businesses should recognise the abuse pattern and what are users doing in the organisation, such as a lot of users working from one machine or a lot of out of working time on one machine.
 
“They are relatively easy to detect if you have the right security solution in place. Monitor the activity from your database to your file server, and this allows you to grab intrusions, prevent them and give you the ability to manage access control with a very small set of critical files. You can go to the data owner of that set and that is how you achieve control of your privileges
,” he said.

FacebookTweetLinkedIn
Tags: APTWindows
ShareTweetShare
Previous Post

Mikko and Brian talk about data availability

Next Post

A quarter of breaches go undetected for a day

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information