• Title/Summary/Keyword: Advanced persistent threats (APT's)

Search Result 9, Processing Time 0.029 seconds

A Study of Countermeasures for Advanced Persistent Threats attacks by malicious code (악성코드의 유입경로 및 지능형 지속 공격에 대한 대응 방안)

  • Gu, MiSug;Li, YongZhen
    • Journal of Convergence Society for SMB
    • /
    • v.5 no.4
    • /
    • pp.37-42
    • /
    • 2015
  • Due to the advance of ICT, a variety of attacks have been developing and active. Recently, APT attacks using malicious codes have frequently occurred. Advanced Persistent Threat means that a hacker makes different security threats to attack a certain network of a company or an organization. Exploiting malicious codes or weaknesses, the hacker occupies an insider's PC of the company or the organization and accesses a server or a database through the PC to collect secrets or to destroy them. The paper suggested a countermeasure to cope with APT attacks through an APT attack process. It sought a countermeasure to delay the time to attack taken by the hacker and suggested the countermeasure able to detect and remove APT attacks.

  • PDF

Defending Against Today's Advanced Persistent Threats (최신 APT 해킹공격에 대한 방어)

  • Marpaung, Jonathan A.P.;Lee, HoonJae
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2012.11a
    • /
    • pp.954-957
    • /
    • 2012
  • Recent high profile attacks have brought the attention of governments, corporations, and the general public towards the dangers posed by Advanced Persistent Threats. This paper provides an analysis of the attack vectors employed by these actors by studying several recent attacks. We present recommendations on how to best defend against these threats by better classification of critical information infrastructure and assets, people protection, penetration tests, access control, security monitoring, and patch management.

APT attacks and Countermeasures (APT 공격과 대응 방안 연구)

  • Han, Kun-Hee
    • Journal of Convergence Society for SMB
    • /
    • v.5 no.1
    • /
    • pp.25-30
    • /
    • 2015
  • The APT attacks are hackers created a variety of security threats will continue to attack applied to the network of a particular company or organization. It referred to as intelligent sustained attack. After securing your PC after a particular organization's internal staff access to internal server or database through the PC or remove and destroy the confidential information. The APT attack is so large, there are two zero-day attacks and rootkits. APT is a process of penetration attack, search, acquisition, and is divided into outlet Step 4. It was defined in two ways how you can respond to APT through the process. Technical descriptions were divided into ways to delay the attacker's malicious code attacks time and plan for attacks to be detected and removed through.

  • PDF

Cyber Kill Chain-Based Taxonomy of Advanced Persistent Threat Actors: Analogy of Tactics, Techniques, and Procedures

  • Bahrami, Pooneh Nikkhah;Dehghantanha, Ali;Dargahi, Tooska;Parizi, Reza M.;Choo, Kim-Kwang Raymond;Javadi, Hamid H.S.
    • Journal of Information Processing Systems
    • /
    • v.15 no.4
    • /
    • pp.865-889
    • /
    • 2019
  • The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information of APT's tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies as the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding of the potential attacks to organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also notify future security policies and mitigation strategy formulation.

On the administrative security approaches against spear phishing attacks (스피어 피싱 대응을 위한 관리적 보안대책에 의한 접근)

  • Sohn, Yu-Seung;Nam, Kil-Hyun;Goh, Sung-Cheol
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.17 no.12
    • /
    • pp.2753-2762
    • /
    • 2013
  • Recently the paradigm of cyber attacks is changing due to the information security technology improvement. The cyber attack that uses the social engineering and targets the end users has been increasing as the organization's systems and networks security controls have been tightened. The 91% of APT(Advanced Persistent Threat) which targets an enterprise or a government agency to get the important data and disable the critical service starts with the spear phishing email. In this paper, we analysed the security threats and characteristics of the spear phishing in detail and explained why the technical solutions are not enough to prevent spear phishing attacks. Therefore, we proposed the administrative prevention methods for the spear phishing attack.

Business Process Reengineering of an Information Exchange Management System for a Nationwide Cyber Threat Intelligence

  • Pramadi, Yogha Restu;Rosmansyah, Yousep;Kim, Myonghee;Park, Man-Gon
    • Journal of Korea Multimedia Society
    • /
    • v.20 no.2
    • /
    • pp.279-288
    • /
    • 2017
  • Nowadays, nations cyber security capabilities play an important role in a nation's defense. Security-critical infrastructures such as national defenses, public services, and financial services are now exposed to Advanced Persistent Threats (APT) and their resistance to such attacks effects the nations stability. Currently Cyber Threat Intelligence (CTI) is widely used by organizations to mitigate and deter APT for its ability to proactively protect their assets by using evidence-based knowledge. The evidence-based knowledge information can be exchanged among organizations and used by the receiving party to strengthen their cyber security management. This paper will discuss on the business process reengineering of the CTI information exchange management for a nationwide scaled control and governance by the government to better protect their national information security assets.

A New Cryptographic Algorithm for Safe Route Transversal of Data in Smart Cities using Rubik Cube

  • Chhabra, Arpit;Singhal, Niraj;Bansal, Manav;Rizvi, Syed Vilayat
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.8
    • /
    • pp.113-122
    • /
    • 2022
  • At the point when it is check out ourselves, it might track down various information in each turn or part of our lives. Truth be told, information is the new main thrust of our advanced civilization and in this every day, "information-driven" world, security is the significant angle to consider to guarantee dependability and accessibility of our organization frameworks. This paper includes a new cryptographic algorithm for safe route traversal for data of smart cities which is a contemporary, non-hash, non-straight, 3D encryption execution intended for having information securely scrambled in the interim having a subsequent theoretical layer of safety over it. Encryption generally takes an information string and creates encryption keys, which is the way to unscramble as well. In the interim in another strategy, on the off chance that one can sort out the encryption key, there are opportunities to unravel the information scrambled inside the information string. Be that as it may, in this encryption framework, the work over an encryption key (which is created naturally, henceforth no pre-assurance or uncertainty) just as the calculation produces a "state" in a way where characters are directed into the Rubik block design to disregard the information organization.

The attacker group feature extraction framework : Authorship Clustering based on Genetic Algorithm for Malware Authorship Group Identification (공격자 그룹 특징 추출 프레임워크 : 악성코드 저자 그룹 식별을 위한 유전 알고리즘 기반 저자 클러스터링)

  • Shin, Gun-Yoon;Kim, Dong-Wook;Han, Myung-Mook
    • Journal of Internet Computing and Services
    • /
    • v.21 no.2
    • /
    • pp.1-8
    • /
    • 2020
  • Recently, the number of APT(Advanced Persistent Threats) attack using malware has been increasing, and research is underway to prevent and detect them. While it is important to detect and block attacks before they occur, it is also important to make an effective response through an accurate analysis for attack case and attack type, these respond which can be determined by analyzing the attack group of such attacks. Therefore, this paper propose a framework based on genetic algorithm for analyzing malware and understanding attacker group's features. The framework uses decompiler and disassembler to extract related code in collected malware, and analyzes information related to author through code analysis. Malware has unique characteristics that only it has, which can be said to be features that can identify the author or attacker groups of that malware. So, we select specific features only having attack group among the various features extracted from binary and source code through the authorship clustering method, and apply genetic algorithm to accurate clustering to infer specific features. Also, we find features which based on characteristics each group of malware authors has that can express each group, and create profiles to verify that the group of authors is correctly clustered. In this paper, we do experiment about author classification using genetic algorithm and finding specific features to express author characteristic. In experiment result, we identified an author classification accuracy of 86% and selected features to be used for authorship analysis among the information extracted through genetic algorithm.

Relative Importance Analysis of Management Level Diagnosis for Consignee's Personal Information Protection (수탁사 개인정보 관리 수준 점검 항목의 상대적 중요도 분석)

  • Im, DongSung;Lee, Sang-Joon
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
    • /
    • v.8 no.2
    • /
    • pp.1-11
    • /
    • 2018
  • Recently ICT, new technologies such as IoT, Cloud, and Artificial Intelligence are changing the information society explosively. But personal information leakage incidents of consignee's company are increasing more and more because of the expansion of consignment business and the latest threats such as Ransomware and APT. Therefore, in order to strengthen the security of consignee's company, this study derived the checklists through the analysis of the status such as the feature of consignment and the security standard management system and precedent research. It also analyzed laws related to consignment. Finally we found out the relative importance of checklists after it was applied to proposed AHP(Analytic Hierarchy Process) Model. Relative importance was ranked as establishment of an internal administration plan, privacy cryptography, life cycle, access authority management and so on. The purpose of this study is to reduce the risk of leakage of customer information and improve the level of personal information protection management of the consignee by deriving the check items required in handling personal information of consignee and demonstrating the model. If the inspection activities are performed considering the relative importance of the checklist items, the effectiveness of the input time and cost will be enhanced.