nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

Attack Vectors and Advanced Persistent Threats

verfasst von : Sergio F. de Abreu, Stefan Kendzierskyj, Hamid Jahankhani

Erschienen in: Cyber Defence in the Age of AI, Smart Societies and Augmented Humanity

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Advanced Persistent Threats (APTs) are destructive and malicious cyberattacks aimed at high profile, high value targets with clear objectives in mind with a range of desired outputs. In most cases, these threat groups are state sponsored which makes them extremely well financed, organised and resourced. The attack payloads range from data exfiltration and theft to the undermining of critical national infrastructure. These attacks differ from the typical cyberattacks in several different ways but a key differentiation is their patient “low and slow” approach to prevent detection. This approach, although slow, has been very successful and in many cases, detection is years after initial infection. Many of the attacks detected today, have been over a decade in the making. Most concerning is the fact that traditional defence mechanisms have been unsuccessful at detecting these attacks and so how successful will these methods be against a new generation of attacks? The earliest recording of an APT is probably “the cuckoo’s egg”. An attack in the 1980s in which a West German hacker infiltrated a series of computers in California and over time stole state secrets relating to the US “Star Wars” program. The hacker then sold the information to the Soviet KGB. Although at this point in time, cyber defence was not a government sponsored military department, it raised awareness of just how powerful this threat could be. Since then, worldwide attacks in the private and public sectors have grown exponentially and today, all governments have cyber warfare units.

Most APT attacks are state sponsored; however, this does not mean that attacks are limited to government entities. Far from it. These attacks affect individuals, companies, corporations and governments globally. Attacks can and do encompass a multitude of sophisticated techniques and affect not only the traditional LAN/WAN environments but could also contaminate new generation networks such as mobile 5G networks, vehicular ad hoc networks (VANET) and Internet of Things (IoT) to name but a few. Dealing with these attacks is challenging, most attacks take years to be discovered and traditional detection mechanisms have been woefully inadequate. The age of machine learning and artificial intelligence has brought significant improvement to the detection challenges faced. These fields allow us to look for far more than attack signatures and characteristics. They allow us to look for patterns of behaviour through massive data quantities at speeds previously unimaginable.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Experimental Analyses in Search of Effective Mitigation for Login Cross-Site Request Forgery

Nächstes Kapitel Artificial Intelligence in Protecting Smart Building’s Cloud Service Infrastructure from Cyberattacks

Adair S, Deibert R, Rohozinski R, Villeneuve N, Walton G (2010) SHADOWS IN THE CLOUD: investigating cyber espionage 2.0|online safety & privacy|computer security. [online] Scribd. Available at https://www.scribd.com/doc/29435784/SHADOWS-IN-THE-CLOUD-Investigating-Cyber-Espionage-2-0#. Accessed 14 June 2018

Ben-Asher N, Gonzalez C (2015) Training for the unknown: the role of feedback and similarity in detecting zero-day attacks. Proc Manuf 3:1088–1095

Bhatt P, Yano E, Gustavsson P (2014) Towards a framework to detect multi-stage advanced persistent threats attacks. In: 2014 IEEE 8th international symposium on service oriented system engineering

Brewer R (2014) Advanced persistent threats: minimising the damage. Netw Secur 2014(4):5–9CrossRef

Cdn0.vox-cdn.com (2014) crowdstrike-intelligence-report-putter-panda.original.pdf. [online]. Available at http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf. Accessed 8 Sept 2019

Chen P, Desmet L, Huygens C (2014) A study on advanced persistent threats. In: Communications and multimedia security. Springer, Aveiro, pp 63–72

CISA Cyber Infrastructure (2019) MAR-10135536-8 – North Korean Trojan: HOPLIGHT|CISA. [online]. Available at https://www.us-cert.gov/ncas/analysis-reports/AR19-100A. Accessed 23 Sept 2019

Council on Foreign Relations (2019) Connect the dots on state-sponsored cyber incidents – PLA unit 61398. [online]. Available at https://www.cfr.org/interactive/cyber-operations/pla-unit-61398. Accessed 15 Sept 2019

Ferrer Z, Cebrian Ferrer M (2016) In-depth analysis of Hydraq – in-depth_analysis _of_hydraq_final_231538.pdf. [online] Paper.seebug.org. Available at https://paper. seebug.org/papers/APT/APT_CyberCriminal_Campagin/2010/in-depth_analysis_of_ hydraq_final_231538.pdf. Accessed 6 Sept 2019

10.

Fireeye Mandiant APT1 Report (2016) APT1: exposing one of China’s cyber espionage units – mandiant-apt1-report. [online]. Available at https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf. Accessed 18 Sept 2019

11.

Flashpoint (2019) Flashpoint – disclosure of Chilean Redbanc intrusion leads to Lazarus Ties. [online]. Available at https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/. Accessed 6 Sept 2019

12.

Gressin S (2017) The equifax data breach: what to do. [online] Consumer Information. Available at https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do. Accessed 7 Aug 2018

13.

Hale B (n.d.) Estimating log generation for security information event and log management. [online] Content.solarwinds.com. Available at http://content.solarwinds.com/creative/pdf/Whitepapers/estimating_log_generation_white_paper.pdf. Accessed 9 June 2018

14.

Hussain M, Wahab A, Idris Y, Ho A, Jung K (2018) Image steganography in spatial domain: a survey. Signal Process Image Commun 65:46–66CrossRef

15.

Jasek R, Kolarik M, Vymola T (2013) APT detection system using honeypots. [online] Pdfs.semanticscholar.org. Available at https://pdfs.semanticscholar.org/2f8e/f5890c39579bc9648158b710a1ef2b8366db.pdf. Accessed 12 July 2018

16.

Jiang D, Omote K (2015) An approach to detect remote access Trojan in the early stage of communication. In: 2015 IEEE 29th international conference on advanced information networking and applications

17.

Joint Task Force Transformation Initiative (2011) Managing information security risk. [online] Nvlpubs.nist.gov. Available at https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf. Accessed 4 July 2018

18.

Keragala D (2016) Detecting malware and sandbox evasion techniques. [online] Sans.org. Available at https://www.sans.org/reading-room/whitepapers/forensics/detecting-malware-sandbox-evasion-techniques-36667. Accessed 10 June 2018

19.

Kruegel C (2015) Evasive malware exposed and deconstructed|USA 2015|RSA conference. [online] Rsaconference.com. Available at https://www.rsaconference.com/events/us15/agenda/sessions/2022/evasive-malware-exposed-and-deconstructed. Accessed 6 June 2018

20.

LLC L (2018) Threat actors and exploits top ten lists of 2018|LIFARS, your cyber resiliency partner. [online] LIFARS, your cyber resiliency partner. Available at https://lifars.com/2018/11/threat-actors-exploits-top-ten-2018/. Accessed 19 Sept 2019

21.

MacDonald N (2012) Information security is becoming a big data analytics problem. [online] Gartner.com. Available at https://www.gartner.com/id=1960615. Accessed 9 June 2018

22.

Marchetti M, Pierazzi F, Colajanni M, Guido A (2016) Analysis of high volumes of network traffic for advanced persistent threat detection. Comput Netw 109:127–141CrossRef

23.

McCandless D (2018) World’s biggest data breaches & hacks – information is beautiful. [online] information is beautiful. Available at http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/. Accessed 10 Aug 2018

24.

Messmer E (2013) Malware-detecting ‘sandboxing’ technology no silver bullet. [online] network world. Available at https://www.networkworld.com/article/2164758/network-security/malware-detecting%2D%2Dsandboxing%2D%2Dtechnology-no-silver-bullet.html. Accessed 17 June 2018

25.

Mokube I, Adams M (2007) Proceedings of the 45th annual southeast regional conference. ACM, New York, pp 321–326CrossRef

26.

Paganini P (2019) Experts link attack on Chilean interbank network Redbanc NK Lazarus APT. [online] Security Affairs. Available at https://securityaffairs.co/wordpress/79929/breaking-news/chilean-research-redbank-lazarus.html. Accessed 6 Sept 2019

27.

Paredes-Oliva I, Castell-Uroz I, Barlet-Ros P, Dimitropoulos X, Sole-Pareta J (2012) Practical anomaly detection based on classifying frequent traffic patterns. In: 2012 Proceedings IEEE INFOCOM workshops

28.

Raman D, De Sutter B, Coppens B, Volckaert S, De Bosschere K, Danhieux P, Van Buggenhout E (2013) DNS tunneling for network penetration. In: Lecture notes in computer science. Springer, Cham, pp 65–77

29.

Rashid P, Ramdhany D, Edwards M, Kibirige S, Babar D, Hutchison P, Chitchyan D (2014) Detecting and preventing data exfiltration. [online] seculanc_data_exfil_report. Available at https://www.lancaster.ac.uk/media/lancaster-university/content-assets/images/security-lancaster/seculanc_data_exfil_report.pdf. Accessed 10 June 2018

30.

Scaife N, Carter H, Traynor P, Butler K (2016) CryptoLock (and Drop It): stopping ransomware attacks on user data. In: 2016 IEEE 36th international conference on distributed computing systems (ICDCS)

31.

Siddiqui S, Khan M, Ferens K, Kinsner W (2016) Detecting advanced persistent threats using fractal dimension based machine learning classification. In: Proceedings of the 2016 ACM on international workshop on security and privacy analytics – IWSPA’16

32.

Sokol P, Míšek J, Husák M (2017) Honeypots and honeynets: issues of privacy. EURASIP J Inf Secur 2017(1):1–9CrossRef

33.

Spitzner L (2002) Honeypots: tracking hackers. Addison-Wesley, Boston

34.

Virvilis N, Gritzalis D (2013) The big four – what we did wrong in advanced persistent threat detection? In: 2013 international conference on availability, reliability and security

35.

Zamani M, Movahedi M (2015) Machine learning techniques for intrusion detection. [online] Arxiv.org. Available at https://arxiv.org/pdf/1312.2177.pdf. Accessed 21 Dec 2017

Titel: Attack Vectors and Advanced Persistent Threats
verfasst von: Sergio F. de Abreu
Stefan Kendzierskyj
Hamid Jahankhani
Verlag: Springer International Publishing
Buch: Cyber Defence in the Age of AI, Smart Societies and Augmented Humanity
Print ISBN: 978-3-030-35745-0

Electronic ISBN: 978-3-030-35746-7

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-35746-7_13

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"