• Title/Summary/Keyword: APT 공격

Search Result 116, Processing Time 0.025 seconds

APT attacks and Countermeasures (APT 공격과 대응 방안 연구)

  • Han, Kun-Hee
    • Journal of Convergence Society for SMB
    • /
    • v.5 no.1
    • /
    • pp.25-30
    • /
    • 2015
  • The APT attacks are hackers created a variety of security threats will continue to attack applied to the network of a particular company or organization. It referred to as intelligent sustained attack. After securing your PC after a particular organization's internal staff access to internal server or database through the PC or remove and destroy the confidential information. The APT attack is so large, there are two zero-day attacks and rootkits. APT is a process of penetration attack, search, acquisition, and is divided into outlet Step 4. It was defined in two ways how you can respond to APT through the process. Technical descriptions were divided into ways to delay the attacker's malicious code attacks time and plan for attacks to be detected and removed through.

  • PDF

An APT Attack Scoring Method Using MITRE ATT&CK (MITRE ATT&CK을 이용한 APT 공격 스코어링 방법 연구)

  • Cho, Sungyoung;Park, Yongwoo;Lee, Kunho;Choi, Changhee;Shin, Chanho;Lee, Kyeongsik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.4
    • /
    • pp.673-689
    • /
    • 2022
  • We propose an APT attack scoring method as a part of the process for detecting and responding to APT attacks. First, unlike previous work that considered inconsistent and subjective factors determined by cyber security experts in the process of scoring cyber attacks, we identify quantifiable factors from components of MITRE ATT&CK techniques and propose a method of quantifying each identified factor. Then, we propose a method of calculating the score of the unit attack technique from the quantified factors, and the score of the entire APT attack composed of one or more multiple attack techniques. We present the possibility of quantification to determine the threat level and urgency of cyber attacks by applying the proposed scoring method to the APT attack reports, which contains the hundreds of APT attack cases occurred worldwide. Using our work, it will be possible to determine whether actual cyber attacks have occurred in the process of detecting APT attacks, and respond to more urgent and important cyber attacks by estimating the priority of APT attacks.

Design and Implementation of ATP(Advanced Persistent Threat) Attack Tool Using HTTP Get Flooding Technology (HTTP Get Flooding 기술을 이용한 APT(지능적 지속 위협)공격 도구의 설계와 구현)

  • Cheon, Woo-Bong;Park, Won-Hyung;Chung, Tai-Myoung
    • The Journal of Korean Association of Computer Education
    • /
    • v.14 no.6
    • /
    • pp.65-73
    • /
    • 2011
  • As we can see from the recent cyber attack, APT(Advanced Persistent Threat) is trend of hacking attack in the World. Thus, HTTP Get Flooding attack is considered to be one of the most successful attacks in cyber attack method. In this paper, designs and implements new technique for the cyber attack using HTTP get flooding technology. also, I need a defence about DDoS attack through APT Tools.

  • PDF

How to use attack cases and intelligence of Korean-based APT groups (한국어 기반 APT 그룹의 공격사례 및 인텔리전스 활용 방안)

  • Lee Jung Hun;Choi Youn Sung
    • Convergence Security Journal
    • /
    • v.24 no.3
    • /
    • pp.153-163
    • /
    • 2024
  • Despite the increasing hacking threats and security threats as IT technology advances and many companies adopt security solutions, cyberattacks and threats still persist for years. APT attack is a technique of selecting a specific target and continuing to attack. The threat of an APT attack uses all possible means through the electronic network to perform APT for years. Zero-day attacks, malicious code distribution, and social engineering techniques are performed, and some of them directly invade companies. These techniques have been in effect since 2000, and are similarly used in voice phishing, especially for social engineering techniques. Therefore, it is necessary to study countermeasures against APT attacks. This study analyzes the attack cases of Korean-based APT groups in Korea and suggests the correct method of using intelligence to analyze APT attack groups.

Effective Countermeasure to APT Attacks using Big Data (빅데이터를 이용한 APT 공격 시도에 대한 효과적인 대응 방안)

  • Mun, Hyung-Jin;Choi, Seung-Hyeon;Hwang, Yooncheol
    • Journal of Convergence Society for SMB
    • /
    • v.6 no.1
    • /
    • pp.17-23
    • /
    • 2016
  • Recently, Internet services via various devices including smartphone have become available. Because of the development of ICT, numerous hacking incidents have occurred and most of those attacks turned out to be APT attacks. APT attack means an attack method by which a hacker continues to collect information to achieve his goal, and analyzes the weakness of the target and infects it with malicious code, and being hidden, leaks the data in time. In this paper, we examine the information collection method the APT attackers use to invade the target system in a short time using big data, and we suggest and evaluate the countermeasure to protect against the attack method using big data.

A Study of Countermeasures for Advanced Persistent Threats attacks by malicious code (악성코드의 유입경로 및 지능형 지속 공격에 대한 대응 방안)

  • Gu, MiSug;Li, YongZhen
    • Journal of Convergence Society for SMB
    • /
    • v.5 no.4
    • /
    • pp.37-42
    • /
    • 2015
  • Due to the advance of ICT, a variety of attacks have been developing and active. Recently, APT attacks using malicious codes have frequently occurred. Advanced Persistent Threat means that a hacker makes different security threats to attack a certain network of a company or an organization. Exploiting malicious codes or weaknesses, the hacker occupies an insider's PC of the company or the organization and accesses a server or a database through the PC to collect secrets or to destroy them. The paper suggested a countermeasure to cope with APT attacks through an APT attack process. It sought a countermeasure to delay the time to attack taken by the hacker and suggested the countermeasure able to detect and remove APT attacks.

  • PDF

A Study Of Mining ESM based on Data-Mining (데이터 마이닝 기반 보안관제 시스템)

  • Kim, Min-Jun;Kim, Kui-Nam
    • Convergence Security Journal
    • /
    • v.11 no.6
    • /
    • pp.3-8
    • /
    • 2011
  • Advanced Persistent Threat (APT), aims a specific business or political targets, is rapidly growing due to fast technological advancement in hacking, malicious code, and social engineering techniques. One of the most important characteristics of APT is persistence. Attackers constantly collect information by remaining inside of the targets. Enterprise Security Management (EMS) system can misidentify APT as normal pattern of an access or an entry of a normal user as an attack. In order to analyze this misidentification, a new system development and a research are required. This study suggests the way of forecasting APT and the effective countermeasures against APT attacks by categorizing misidentified data in data-mining through threshold ratings. This proposed technique can improve the detection of future APT attacks by categorizing the data of long-term attack attempts.

The Analysis of the APT Prelude by Big Data Analytics (빅데이터 분석을 통한 APT공격 전조 현상 분석)

  • Choi, Chan-young;Park, Dea-woo
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.6
    • /
    • pp.1129-1135
    • /
    • 2016
  • The NH-NongHyup network and servers were paralyzed in 2011, in the 2013 3.20 cyber attack happened and classified documents of Korea Hydro & Nuclear Power Co. Ltd were leaked on december in 2015. All of them were conducted by a foreign country. These attacks were planned for a long time compared to the script kids attacks and the techniques used were very complex and sophisticated. However, no successful solution has been implemented to defend an APT attacks(Advanced Persistent Threat Attacks) thus far. We will use big data analytics to analyze whether or not APT attacks has occurred. This research is based on the data collected through ISAC monitoring among 3 hierarchical Korean Defense System. First, we will introduce related research about big data analytics and machine learning. Then, we design two big data analytics models to detect an APT attacks. Lastly, we will present an effective response method to address a detected APT attacks.

The Analysis of the APT Prelude by Big Data Analytics (빅데이터 분석을 통한 APT공격 전조 현상 분석)

  • Choi, Chan-young;Park, Dea-woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.05a
    • /
    • pp.317-320
    • /
    • 2016
  • The NH-NongHyup network and servers were paralyzed in 2011, in the 2013 3.20 cyber attack happened and Classified documents of Korea Hydro & Nuclear Power Co. Ltd were leaked on December in 2015. All of them were conducted by a foreign country. These attacks were planned for a long time compared to the script kids attacks and the techniques used were very complex and sophisticated. However, no successful solution has been implemented to defend an APT attack thus far. Therefore, we will use big data analytics to analyze whether or not APT attack has occurred in order to defend against the manipulative attackers. This research is based on the data collected through ISAC monitoring among 3 hierarchical Korean defense system. First, we will introduce related research about big data analytics and machine learning. Then, we design two big data analytics models to detect an APT attack and evaluate the models' accuracy and other results. Lastly, we will present an effective response method to address a detected APT attack.

  • PDF

A Study on the Countermeasures against APT Attacks in Industrial Management Environment (산업경영환경에서 지속적 APT 공격에 대한 대응방안 연구)

  • Hong, Sunghyuck
    • Journal of Industrial Convergence
    • /
    • v.16 no.2
    • /
    • pp.25-31
    • /
    • 2018
  • An APT attack is a new hacking technique that continuously attacks specific targets and is called an APT attack in which a hacker exploits various security threats to continually attack a company or organization's network. Protect employees in a specific organization and access their internal servers or databases until they acquire significant assets of the company or organization, such as personal information leaks or critical data breaches. Also, APT attacks are not attacked at once, and it is difficult to detect hacking over the years. This white paper examines ongoing APT attacks and identifies, educates, and proposes measures to build a security management system, from the executives of each organization to the general staff. It also provides security updates and up-to-date antivirus software to prevent malicious code from infiltrating your company or organization, which can exploit vulnerabilities in your organization that could infect malicious code. And provides an environment to respond to APT attacks.