ICT Security: Defence strategies against targeted attack
Transcript of ICT Security: Defence strategies against targeted attack
[Page 1]
ICT SECURITY: DEFENCE STRATEGIES AGAINST TARGETED ATTACKS
SUPERVISOR: Prof. Franco Callegati
CO-SUPERVISOR: Ing. Marco Ramilli
PRESENTED BY: Daniele Bellavista
[Page 2]
INTERNSHIP AT AEPI INDUSTRIE, IMOLA
● Defined a defence service for an external company (referred to as ACME corporation).
● Analyzed models and taxonomies of cyber attacks and defence methodologies.
● Implemented a simulated cyber attack as part of the defence service.
● Proposed a defence strategy against targeted attacks and applied it to clean existing infections and to detect new threats.
[Page 3]
FROM OPPORTUNISTIC TO TARGETED ATTACK
● Cyber attacks targeting any vulnerable system are called opportunistic.
● In the last few years, a new kind of attack, called targeted, is spreading.
● Targeted attacks were once directed against nations or military organizations.
● Now, cyber criminals are targeting companies to compromise their services and steal their data.
[Page 4]
CYBER CRIME: OPPORTUNISTIC AND TARGETED ATTACKS
OPPORTUNISTIC ATTACKS:
● Target any vulnerable system for general motives (e.g. money)
● Thousands of malware variants
● Common
● Poor social engineering techniques
● Advanced knowledge NOT required
TARGETED ATTACKS:
● Specific target (company, nation); motives are fulfilled by compromising the target
● Unknown and unseen malware
● Rare
● Advanced social engineering techniques
● Requires advanced knowledge and a complex attack process
[Page 5]
MODELS FOR THE ATTACK PROCESS
Seven-stage model: RECONNAISSANCE → WEAPONIZATION → DELIVERY → EXPLOITATION → INSTALLATION → COMMAND AND CONTROL → ACTIONS ON OBJECTIVE
Four-stage model: INCURSION → DISCOVERY → CAPTURE → DATA EXFILTRATION
[Page 6]
TARGETED ATTACK AGAINST ACME
Many papers claim that targeted attacks are able to bypass conventional defence systems.
THE ATTACK
● Information gathering to learn the defence systems involved, email addresses, names and communication protocols.
● Multi-staged malware to bypass defence systems: the first stage was deployed physically, the second via email.
RESULT
● Bypassed every defence system.
● Performed keylogging and file stealing.
[Page 7]
WHY DID DEFENCE SYSTEMS FAIL?
● Signature-based detection doesn't work against unseen malware.
● Automatic behaviour detection can be fooled by complex malware.
● The focus of the defence systems was too narrow.
● The defence systems didn't take into account the whole attack process.
[Page 8]
DEFENCE STRATEGY AS SERVICES OFFERED BY A SECURITY TEAM
DEFENCE SERVICES
● Defence against opportunistic attacks: they are still the most numerous cyber attacks, and IDSs can counter them.
● Defence from unknown attacks: use of rules and policies to define the detection of suspicious events for further analysis.
● Systems check: analysis and testing of existing systems.
PROPOSAL
● HAZARD: a business process.
● WASTE: a conceptual framework, used by HAZARD.
[Page 9]
DEFENCE STRATEGY: ANALYSIS OF SUSPICIOUS EVENTS
WASTE: Warning Automatic System for Targeted Events
● Detection of malicious events is based on automatic auditing of system or network events.
● Some events are not malicious per se, but may be suspicious in the company context.
● WASTE is a conceptual framework to define detection methods for suspicious events.
● The architecture cannot be defined a priori.
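The distinction the slide draws, between events a signature already knows to be malicious and events that are only suspicious in the company's context, can be shown with a small auditor. This is an added example, not code from the thesis or from the WASTE framework; the ACME policy values, the signature set and the sample events are all constructed for illustration.

```python
# Constructed example (not code from the thesis): a small WASTE-style auditor that
# separates signature matches (malicious) from events that are harmless in general
# but suspicious in this company's context, which are queued for the analysts.

# Hypothetical ACME context, assumed for the example.
CONTEXT = {
    "business_hours": (8, 19),        # hours in which logins are expected
    "allowed_countries": {"IT"},      # where staff normally connect from
    "max_upload_bytes": 50_000_000,   # outbound size that needs no review
    "internal_domains": ("acme.example",),
}
# Stand-in for an IDS/antivirus signature feed (constructed hash value).
KNOWN_BAD_SHA256 = {"a" * 64}


def classify(ev, ctx=CONTEXT):
    """Return (verdict, reason); verdict is malicious, suspicious or benign."""
    # Signature match: malicious whatever the context (the opportunistic case).
    if ev["kind"] == "process" and ev.get("sha256") in KNOWN_BAD_SHA256:
        return "malicious", "known malware hash"
    # Context rules: legitimate actions that are unusual for this company.
    lo, hi = ctx["business_hours"]
    if ev["kind"] == "login":
        if not lo <= ev["hour"] < hi:
            return "suspicious", "login outside business hours"
        if ev["country"] not in ctx["allowed_countries"]:
            return "suspicious", "login from unexpected country"
    if ev["kind"] == "upload":
        external = not ev["dst"].endswith(ctx["internal_domains"])
        if external and ev["bytes"] > ctx["max_upload_bytes"]:
            return "suspicious", "large upload to external host"
    return "benign", ""


def audit(events, ctx=CONTEXT):
    """Group event ids by verdict; the suspicious list is the analysts' queue."""
    report = {"malicious": [], "suspicious": [], "benign": []}
    for ev in events:
        verdict, reason = classify(ev, ctx)
        report[verdict].append((ev["id"], reason))
    return report


# Constructed sample events (not real ACME data).
SAMPLE = [
    {"id": 1, "kind": "login", "hour": 10, "country": "IT"},
    {"id": 2, "kind": "login", "hour": 3, "country": "IT"},
    {"id": 3, "kind": "login", "hour": 11, "country": "US"},
    {"id": 4, "kind": "process", "sha256": "a" * 64},
    {"id": 5, "kind": "upload", "dst": "files.acme.example", "bytes": 900_000_000},
    {"id": 6, "kind": "upload", "dst": "drop.example.net", "bytes": 120_000_000},
]
```

Running `audit(SAMPLE)` puts only event 4 in the malicious list, while events 2, 3 and 6 are ordinary actions that the context rules hand to the analysis team; the large internal upload (event 5) stays benign.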
[Page 10]
WASTE use cases
[Page 11]
HAZARD: BUSINESS PROCESS FOR CYBER ATTACK DEFENCE
HAZARD: Hacking Approach for Zealot Attack Response and Detection
ACTORS:
● Analysis Team
● Detection Team
● Vulnerability Team
● Hacking Team
● Company IT
PROCESSES:
● Incident Analysis
● WASTE warning analysis
● WASTE issue management
● Vulnerability Assessment
● Targeted attack evaluation
● Targeted attack test
HAZARD is designed to share information between the actors in order to provide an effective defence strategy against targeted attacks.
[Page 12]
[Page 13]
DEFENCE STRATEGY APPLICATION INSIDE ACME: RESULTS
● Found some opportunistic malware programs reported as non-malicious by the IDS.
● No sign of targeted attacks was found.
● Reduction of infection events reported by the IDS.
[Page 14]
FURTHER WORK
● Use HAZARD for information sharing to better understand targeted attacks.
● Test the defence strategy against a real targeted attack:
○ How to test whether a defence approach is effective against a targeted attack?
[Page 15]
ICT SECURITY: DEFENCE STRATEGIES AGAINST TARGETED ATTACKS
Daniele Bellavista
THANK YOU FOR YOUR ATTENTION