Recorded Webinar at http://event.on24.com/wcc/r/1117340/BECF92C8BBDF5B51399A8FB934C97054
This webinar was held in Italian by Luigi Delgrosso and Fabrizio Patriarca.
Please contact them for additional details or to arrange an on-site visit.
Despite existing controls, employee endpoints are still compromised and used as pivot points into the enterprise network.
The methods used in APTs and targeted attacks constantly evolve:
New evasive malware designed to bypass security controls
Credentials exposed through sophisticated phishing schemes and third-party breaches
Compromised endpoints and stolen credentials enable access to networks, systems and data.
Recent examples from the news include the Sony breach, the JPMorgan Chase breach and the Carbanak APT campaign; all of them involved compromised credentials and advanced malware.
APTs and targeted attacks are currently the biggest concern for enterprise organizations. This slide explains how these attacks unfold:
The attacker can use a spear-phishing email to send an employee a weaponized document (i.e. one that contains hidden exploit code). When the user opens the document with a viewer (Adobe Acrobat, MS Word, MS Excel, etc.), the exploit code executes, exploits a vulnerability in that application and silently downloads malware onto the employee's machine. The employee is never aware of this download.
Another option is to send the user a link to a malicious site. This can be an exploit site (a malicious website hosting exploit code) or a legitimate website that has been compromised to serve it (a watering-hole attack). When the employee clicks the link and the browser renders the HTML content, the exploit code executes, exploits a browser (or browser plug-in) vulnerability and silently downloads malware onto the employee's machine.
The link can also direct the user to a phishing site (a fake web application login page) designed to convince the user to submit their corporate credentials.
Once the attacker has infected the machine with advanced malware or compromised corporate credentials, they have a foothold within the corporate network and can advance the attack.
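As an added example (not part of the webinar or its authors' material): a static triage routine of the kind a mail gateway could run on attachments before delivery. It checks for the auto-execution features that the weaponized documents described above rely on (PDF /OpenAction, /AA, /JavaScript, /JS, /Launch and embedded files; VBA macro and OLE parts inside an Office OOXML zip) and for an extension that lies about the actual content type, which is how a macro-bearing document is made to open in Word under a harmless-looking name. The sample PDF and Office files are constructed inline and contain no real exploit; the indicator list, the extension mapping and the "hold"/"deliver" verdict names are assumptions for illustration.

```python
"""Static triage of e-mail attachments for auto-execution features of weaponized
documents. Added example; indicator list and verdict names are illustrative."""
import io
import os
import re
import zipfile

# PDF name objects that let a document run code or drop a file on open:
# /OpenAction and /AA fire actions automatically, /JavaScript and /JS carry
# script, /Launch runs an external program, /EmbeddedFile smuggles a payload.
# Benign PDFs use some of these too, so a hit means "hold", not "malicious".
PDF_INDICATORS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
                  b"/Launch", b"/EmbeddedFile"]

# Content type expected behind each extension (assumed mapping for the demo).
EXPECTED_FORMAT = {".pdf": "pdf", ".docx": "ooxml", ".docm": "ooxml",
                   ".xlsx": "ooxml", ".xlsm": "ooxml", ".pptx": "ooxml",
                   ".doc": "ole2", ".xls": "ole2", ".rtf": "rtf"}


def sniff_format(data: bytes) -> str:
    """Identify the container by magic bytes, ignoring the file name."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        return "ooxml"  # zip container: docx/xlsx/pptx and macro variants
    if data.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"):
        return "ole2"   # legacy .doc/.xls compound file
    if data.startswith(b"{\\rt"):
        return "rtf"
    return "unknown"


def pdf_indicators(data: bytes) -> list:
    """Return the auto-execution names present in a PDF's raw bytes."""
    # PDF names may spell characters as #XX (e.g. /J#53 is /JS); decode those
    # so a trivially obfuscated name still matches.
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})",
                     lambda m: bytes([int(m.group(1), 16)]), data)
    found = []
    for name in PDF_INDICATORS:
        # Require a delimiter after the name so /JS does not match /JSFoo.
        if re.search(re.escape(name) + rb"(?![A-Za-z0-9_])", decoded):
            found.append(name.decode())
    return found


def ooxml_indicators(data: bytes) -> list:
    """Return macro/OLE parts found inside an Office zip container."""
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return ["unreadable zip container"]
    found = []
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        found.append("vbaProject.bin (VBA macros)")
    if any("/embeddings/" in n.lower() for n in names):
        found.append("embedded OLE object")
    return found


def triage_attachment(filename: str, data: bytes) -> dict:
    """Classify one attachment: 'deliver' if clean, 'hold' on any indicator."""
    fmt = sniff_format(data)
    ext = os.path.splitext(filename)[1].lower()
    indicators = []
    expected = EXPECTED_FORMAT.get(ext)
    if expected is not None and expected != fmt:
        # Office opens files by content, so a macro-bearing zip renamed to
        # .doc still runs its macros; the mismatch itself is an indicator.
        indicators.append(f"extension {ext} does not match content {fmt}")
    if fmt == "pdf":
        indicators += pdf_indicators(data)
    elif fmt == "ooxml":
        indicators += ooxml_indicators(data)
    elif fmt in ("ole2", "rtf"):
        indicators.append(f"{fmt} legacy container: check macros/objects")
    return {"file": filename, "format": fmt, "indicators": indicators,
            "verdict": "hold" if indicators else "deliver"}


# --- constructed sample inputs (not real malware) --------------------------

def build_sample_pdf() -> bytes:
    """Minimal PDF whose catalog auto-runs a JavaScript action, with the
    /JS key written as /J#53 to dodge a naive string match."""
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
            b"3 0 obj << /S /JavaScript /J#53 (app.alert('demo')) >> endobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


def build_sample_office(with_macro: bool) -> bytes:
    """Minimal OOXML zip, optionally carrying a stub VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"stub macro project")
    return buf.getvalue()
```

Run `triage_attachment("invoice.pdf", build_sample_pdf())` to see the PDF held on /OpenAction, /JavaScript and the de-obfuscated /JS, and `triage_attachment("report.doc", build_sample_office(True))` to see both the extension mismatch and the macro part flagged. This is a first-pass filter only: names inside compressed object streams are invisible to a raw byte search, so anything held should go to sandbox detonation rather than being judged from these strings alone.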
Five attack case studies are shown in blue; each bubble links to the relevant slide.