[Repost] The APT Attack Sequence
Posted on: 2013-2-1 15:50 1993
The APT Attack Sequence
http://www.trendmicro.com/us/enterprise/challenges/advance-targeted-attacks/index.html#understand-an-attack
The APT Attack Sequence
1. Intelligence Gathering
Identify and research target individuals using public sources (LinkedIn, Facebook, etc.) and prepare a customized attack.
2. Point of Entry
The initial compromise is typically from zero-day malware delivered via social engineering (email/IM or drive-by download). A backdoor is created and the network can now be infiltrated. (Alternatively, a web site exploitation or direct network hack may be employed.)
3. Command & Control (C&C) Communication
Allows the attacker to instruct and control the compromised machines and malware used for all subsequent phases.
4. Lateral Movement
Once inside the network, the attacker compromises additional machines to harvest credentials, escalate privilege levels and maintain persistent control.
5. Asset/Data Discovery
Several techniques (e.g. port scanning) are used to identify the noteworthy servers and the services that house the data of interest.
6. Data Exfiltration
Once sensitive information is gathered, the data is funneled to an internal staging server where it is chunked, compressed and often encrypted for transmission to external locations under the attacker's control.
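Three of the phases above leave patterns in ordinary network flow records that a defender can look for: regular-interval connections to one external host (phase 3), one source touching many ports on one server (phase 5), and an internal host that collects a lot of data from its peers and then pushes a similar amount out (phase 6). The script below is an added example, not part of the reposted Trend Micro text; it runs toy versions of those three detections over a constructed set of flow records. It assumes the internal network is 10.0.0.0/8 and uses made-up addresses and byte counts; the thresholds are illustrative, not tuned values.

```python
"""Toy detections for C&C beaconing, port scanning and staging-then-exfiltration
over constructed flow records. Example code, not from the original post."""
from collections import defaultdict
from statistics import mean, pstdev


def is_internal(ip):
    # Assumption for this example: the corporate network is 10.0.0.0/8.
    return ip.startswith("10.")


# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port, bytes_sent).
# These are invented for the example; they are not real captures.
FLOWS = (
    # Phase 3 lookalike: 10.0.0.7 contacts one external host roughly every 60 s.
    [(t, "10.0.0.7", "203.0.113.9", 443, 512) for t in (0, 61, 119, 180, 241, 299, 360, 420)]
    # Ordinary browsing: a few irregular connections from 10.0.0.8.
    + [(5, "10.0.0.8", "198.51.100.4", 443, 4_200), (200, "10.0.0.8", "198.51.100.4", 443, 900),
       (210, "10.0.0.8", "198.51.100.4", 443, 15_000), (900, "10.0.0.8", "198.51.100.4", 443, 700)]
    # Phase 5 lookalike: 10.0.0.5 probes twelve ports on one server in twelve seconds.
    + [(100 + i, "10.0.0.5", "10.0.0.20", p, 60)
       for i, p in enumerate((21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 1433, 3389))]
    # Phase 6 lookalike: three hosts push ~2 MB each to 10.0.0.30, which then sends 6 MB out.
    + [(500, "10.0.0.11", "10.0.0.30", 445, 2_000_000), (501, "10.0.0.12", "10.0.0.30", 445, 2_000_000),
       (502, "10.0.0.13", "10.0.0.30", 445, 2_000_000), (600, "10.0.0.30", "203.0.113.50", 443, 6_000_000)]
)


def find_port_scanners(flows, min_ports=10):
    """Phase 5: sources that touch many distinct ports on a single internal host."""
    ports = defaultdict(set)
    for _, src, dst, dport, _ in flows:
        if is_internal(dst):
            ports[(src, dst)].add(dport)
    return sorted({src for (src, _), ps in ports.items() if len(ps) >= min_ports})


def find_beacons(flows, min_events=5, max_jitter=0.2):
    """Phase 3: regular-interval connections from an internal host to one external host.
    A pair is flagged when the gaps between connections vary by at most max_jitter
    (coefficient of variation) over at least min_events connections."""
    times = defaultdict(list)
    for ts, src, dst, _, _ in flows:
        if is_internal(src) and not is_internal(dst):
            times[(src, dst)].append(ts)
    hits = []
    for pair, ts in times.items():
        ts.sort()
        if len(ts) < min_events:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append(pair)
    return sorted(hits)


def find_staging_hosts(flows, min_in=5_000_000, min_out=5_000_000):
    """Phase 6: an internal host that receives a large volume from other internal hosts
    and also sends a large volume to external addresses."""
    inbound = defaultdict(int)
    outbound = defaultdict(int)
    for _, src, dst, _, nbytes in flows:
        if is_internal(src) and is_internal(dst):
            inbound[dst] += nbytes
        elif is_internal(src):
            outbound[src] += nbytes
    return sorted(h for h in inbound if inbound[h] >= min_in and outbound.get(h, 0) >= min_out)


if __name__ == "__main__":
    print("port scanners:", find_port_scanners(FLOWS))   # ['10.0.0.5']
    print("beacons:", find_beacons(FLOWS))               # [('10.0.0.7', '203.0.113.9')]
    print("staging hosts:", find_staging_hosts(FLOWS))   # ['10.0.0.30']
```

Each detector is deliberately narrow: the beacon check ignores hosts with fewer than five connections, so the irregular browsing from 10.0.0.8 is not flagged, and the staging check needs both a large internal inbound volume and a large external outbound volume, so a busy file server that never talks to the Internet stays quiet. Real deployments replace the fixed thresholds with per-host baselines.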