CyberSecurity/Data

How difficult is it to carry out an APT attack?

Data CBR Staff Writer

14:05, May 7 2014

image

Researchers at Imperva claim that it data breaches, commonly associated with APT, can be achieved by relatively simple means.

Though it is commonly perceived that carrying out Advanced Persistent Threat (APT) attacks requires higher skills, a report from Imperva found that they can be executed quite easily.

It claims that data breaches, commonly associated with APT, can be achieved by relatively simple (and commonly available) means and basic technical skills.

The researchers have exposed some simple techniques that can allow attackers to efficiently expand their reach within an infected organisation as well as how attackers can execute their exploits without going for zero-day vulnerabilities and sophisticated exploits.

The report found that attackers can exploit Windows functionality along with "innocent" areas of file shares and SharePoint which can give attackers access to most critical data.

Attackers can also gain access to more privileged accounts exploiting basic privileges in Windows functionality in order to "poison" local machines.

Imperva said in a blog: "Despite these common perceptions, our labs discovered that some techniques attributed to APT require only basic skills.

"For example, there are simple ways to accumulate access privileges by attacking common Windows protocols," it added.

"To provide evidence of this, the attacks we examined targeted commonly known, inherent weaknesses of the Microsoft NTLM protocol, and leveraged basic social engineering, Windows skills, and readily available software."

The researchers suggest that the security teams in the organisations should change their paradigm from absolute prevention of intrusion instead focus on protecting critical data assets once intruders have gained access to their infrastructure.

Companies should also shift their practice from absolute reliance on access control measures, to abuse detection mechanisms, researchers added.

Comments

Post a comment

Comments may be moderated for spam, obscenities or defamation.