Targeted Attacks

Presented by :- Ashwin Vamshi (@ashwin_vamshi), Rahul Choudhary (@r3dinf0)

Data shown in this presentation has been collected from various sources. Our intention is to use the collected information for knowledge sharing and awareness purposes only.

A targeted attack refers to a type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity.

Source: http://www.swirlingovercoffee.com/wp-content/uploads/2014/05/Advanced-Persistent-Threat.png

Early Days …

When is an attack considered a targeted attack?

• When attackers have a specific target in mind

• The main aim of the targeted attack is to infiltrate the target’s network and steal information from their servers

• The attack is persistent, with the attackers expending considerable effort to ensure the attack continues beyond the initial network penetration and infiltration of data.

Motives for targeted attacks :-

• Information theft

• Espionage

• Sabotage

Offensive/Defensive Purpose ??

Key Players !!!

Tools used in Targeted Attacks …

Some more T00ls …

Rubber ducky

Plug Bot

Raspberry Pi

Targeting an individual or

An Organization

Financial Sector

Telecom Sector

Healthcare Sector

Industrial control systems

CEO / CFO / Board Members

:: Targeted Attack CASE STUDY :: Video Demo (Trend Micro)

Source: https://www.youtube.com/watch?v=0hs8rc2u5ak

Stages of targeted attack

Source: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cybercriminals-use-what-works.pdf

Stages of targeted attack

Source: http://www.slideshare.net/Sh1n0g1/shinobot-suite?next_slideshow=1

Methodology

• Information gathering from various sources (e.g. social media sites, developer sites)

• Target behavioral analysis (what are their interests? News, Finance, Politics, Business)

• Social engineering tactics

• Crafted attack

• Lots of “PATIENCE” !!!!

Examples !!

!! Cybercrime Operation !!

!! Targeted Attacks !!

!! Advanced Persistent Threats !!

Are all these same ??

Case Study :-

https://www.bluecoat.com/security-blog/2015-08-21/tinted-cve-decoy-spearphising-attempt-central-bank-armenia-employees

Case Study : The cybercriminals gathered the email addresses of about 20 employees and sent them emails with malicious PDF or macro-enabled files attached. If a recipient opened the file using Adobe Reader or enabled the macro in a Microsoft Office document (i.e. xls, doc, ppt), the exploit code embedded in the document downloaded a Trojan and resulted in “System Compromise”.
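The case study turns on macro-enabled Office attachments. The following check is an added example for the awareness side of this talk, not code from the presentation or from Blue Coat: Office Open XML files are ZIP containers, and a document that carries VBA code stores it in a vbaProject.bin part that is also declared in [Content_Types].xml. The sample containers are constructed in memory so the check runs offline; the extension list and result labels are assumptions chosen for this example.

```python
"""Detect a VBA macro project inside an Office Open XML attachment.

Added example (not from the presentation). OOXML documents are ZIP files;
a macro-enabled document stores its code in <part>/vbaProject.bin and
declares it with the content type below. Sample documents are constructed
in memory for illustration only.
"""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Extensions whose format allows embedded macros (assumed list; .docx/.xlsx/.pptx are not in it).
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "xlam", "pptm", "potm", "ppam"}


def macro_indicators(data: bytes) -> dict:
    """Return which macro indicators are present in the container."""
    result = {"is_ooxml": False, "vba_part": None, "vba_content_type": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result                      # PDFs, plain text, etc. are not ZIP containers
    names = zf.namelist()
    result["is_ooxml"] = "[Content_Types].xml" in names
    for n in names:
        if n.lower().endswith("vbaproject.bin"):   # word/, xl/ or ppt/ prefix
            result["vba_part"] = n
            break
    if result["is_ooxml"]:
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["vba_content_type"] = VBA_CONTENT_TYPE in content_types
    return result


def classify_attachment(filename: str, data: bytes) -> str:
    """Label an attachment from its bytes and the extension it was sent with."""
    ind = macro_indicators(data)
    if not ind["is_ooxml"]:
        return "not-ooxml"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    has_macro = ind["vba_part"] is not None or ind["vba_content_type"]
    if has_macro and ext not in MACRO_EXTENSIONS:
        # Macro code present but the name claims a macro-free format: worth a closer look.
        return "macro-with-non-macro-extension"
    if has_macro:
        return "macro-enabled"
    return "no-macro"


def build_sample(kind: str) -> bytes:
    """Construct a minimal OOXML-like container (constructed test data, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = ['<?xml version="1.0"?>',
                 '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
                 '<Default Extension="xml" ContentType="application/xml"/>']
        if kind == "macro":
            types.append('<Override PartName="/word/vbaProject.bin" ContentType="%s"/>' % VBA_CONTENT_TYPE)
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder OLE stream")
        types.append("</Types>")
        zf.writestr("[Content_Types].xml", "".join(types))
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    for name, kind in [("report.docx", "plain"), ("report.docm", "macro"), ("report.docx", "macro")]:
        print(name, "->", classify_attachment(name, build_sample(kind)))
    print("notes.pdf ->", classify_attachment("notes.pdf", b"%PDF-1.4 constructed placeholder"))
```

A mail gateway or sandbox pre-filter would apply classify_attachment to every attachment and route "macro-enabled" and "macro-with-non-macro-extension" results to quarantine or manual review rather than relying on the user to decline the "Enable Content" prompt.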

Deceive and Infect

• Targeted emails and documents

• Just click the shortcut: the rar/lnk trick

• Right-to-left extension override trick

• Social Networking tricks

Click & Rar Technique

Right-to-left extension override trick
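Both the rar/lnk trick and the right-to-left extension override trick listed under "Deceive and Infect" work by making the filename a user sees differ from the file the operating system will open. The scanner below is an added example written for this deck, not code from the presentation: it flags Unicode bidirectional control characters (U+202E RIGHT-TO-LEFT OVERRIDE is the classic one), executable extensions such as .lnk arriving as "documents", decoy double extensions, and a mismatch between the displayed and the real extension. The extension lists and sample names are constructed assumptions for illustration.

```python
"""Flag attachment names that use a bidi override or a disguised executable extension.

Added example (not from the presentation). Extension lists and sample names are
constructed for illustration; extend them to local policy.
"""
import unicodedata

# Bidirectional control characters that can change how a filename is rendered.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # embeddings, overrides, pop
    "\u2066", "\u2067", "\u2068", "\u2069",            # isolates
    "\u200e", "\u200f",                                # LRM / RLM marks
}
# Extensions that execute on double-click (assumed list).
EXECUTABLE_EXTS = {"exe", "scr", "lnk", "js", "jse", "vbs", "bat", "cmd", "ps1", "hta", "com", "pif", "jar"}
# Document-like extensions used as the decoy half of a double extension (assumed list).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}


def real_extension(name: str) -> str:
    """Extension the OS acts on: text after the last dot, in stored byte order."""
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def displayed_name(name: str) -> str:
    """Approximate how a bidi-aware UI renders the name: the run after an RLO is reversed."""
    if "\u202e" not in name:
        return "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    head, _, tail = name.partition("\u202e")
    tail = "".join(ch for ch in tail if ch not in BIDI_CONTROLS)
    return head + tail[::-1]


def analyze_filename(name: str) -> list:
    """Return a list of finding strings; an empty list means nothing suspicious."""
    findings = []
    controls = sorted({unicodedata.name(ch, "U+%04X" % ord(ch)) for ch in name if ch in BIDI_CONTROLS})
    if controls:
        findings.append("bidi_control:" + ",".join(controls))
    ext = real_extension(name)
    if ext in EXECUTABLE_EXTS:
        findings.append("executable_extension:" + ext)
    parts = name.rsplit("/", 1)[-1].split(".")
    if len(parts) >= 3 and parts[-2].lower() in DECOY_EXTS and ext in EXECUTABLE_EXTS:
        findings.append("double_extension:%s.%s" % (parts[-2].lower(), ext))
    shown = displayed_name(name)
    if shown != name and real_extension(shown) != ext:
        findings.append("displayed_extension_mismatch:shown=%s actual=%s" % (real_extension(shown), ext))
    return findings


# Constructed sample attachment names: one benign, one RLO-disguised, one decoy double extension.
SAMPLE_NAMES = ["Quarterly_Report.pdf", "Invoice_\u202efdp.exe", "Agenda.pdf.lnk"]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(repr(n), "displayed as", repr(displayed_name(n)), "->", analyze_filename(n) or "clean")
```

Rendering the name with displayed_name next to the raw repr is what makes the trick visible to an analyst: "Invoice_‮fdp.exe" is shown to the user as "Invoice_exe.pdf" but the system will run it as an .exe. The same checks can be run over archive member names once a .rar or .zip attachment has been listed, which is where the .lnk of the rar/lnk trick usually sits.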

References :-

APT Archive : https://github.com/kbandla/APTnotes

Example of a multistage attack : https://www.virustotal.com/en/ip-address/61.137.223.48/information/

Shadow Force : http://blog.trendmicro.com/trendlabs-security-intelligence/shadow-force-uses-dll-hijacking-targets-south-korean-company/

ShinoBot : http://www.slideshare.net/Sh1n0g1/introduction-of-shinobot-black-hat-usa-2013-arsenal

Q & A