How difficult is it to carry out an APT attack?

Security

by CBR Staff Writer| 07 May 2014

Researchers at Imperva claim that it data breaches, commonly associated with APT, can be achieved by relatively simple means.

Though it is commonly perceived that carrying out Advanced Persistent Threat (APT) attacks requires higher skills, a report from Imperva found that they can be executed quite easily.

It claims that data breaches, commonly associated with APT, can be achieved by relatively simple (and commonly available) means and basic technical skills.

The researchers have exposed some simple techniques that can allow attackers to efficiently expand their reach within an infected organisation as well as how attackers can execute their exploits without going for zero-day vulnerabilities and sophisticated exploits.

The report found that attackers can exploit Windows functionality along with "innocent" areas of file shares and SharePoint which can give attackers access to most critical data.

Attackers can also gain access to more privileged accounts exploiting basic privileges in Windows functionality in order to "poison" local machines.

Imperva said in a blog: "Despite these common perceptions, our labs discovered that some techniques attributed to APT require only basic skills.

"For example, there are simple ways to accumulate access privileges by attacking common Windows protocols," it added.

"To provide evidence of this, the attacks we examined targeted commonly known, inherent weaknesses of the Microsoft NTLM protocol, and leveraged basic social engineering, Windows skills, and readily available software."

The researchers suggest that the security teams in the organisations should change their paradigm from absolute prevention of intrusion instead focus on protecting critical data assets once intruders have gained access to their infrastructure.

Companies should also shift their practice from absolute reliance on access control measures, to abuse detection mechanisms, researchers added.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

754 people like this.
0 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.