the evolution of advanced persistent threats · 2014-04-03 · advanced persistent threats...
TRANSCRIPT
EXAMPLES OF APT ATTACKS
The Combination of Attack Elements Are Complex and Evolving Every Day
Watering hole attack + Encrypted data + Target’s intellectual property (IP) = APT
Zero-day network exploit + Stolen or fraudulent digital signatures + OS privilege escalation = APT
WHAT CAN CATCH APTs AND WHAT CANNOT
WATCHGUARD APT BLOCKER
© 2014 WatchGuard Technologies. All rights reserved.
www.WatchGuard.com/APTBlocker
*Malwise—An Effective and Efficient Classification System for Packed and Polymorphic Malware, Deakin University, Victoria, June 2013
The Evolution of ADVANCED PERSISTENT THREATS
Bringing APT Out From The Shadows
Real-time Threat Visibility and Protection in Minutes, Not Hours.
EVOLUTION OF APT
APT no longer targets huge corporations and nation-states. Now all companies are vulnerable, regardless of size.
January 2010: Operation Aurora. Target: Google. Result: Stole source code
June 2010: Stuxnet. Target: Iran. Result: Affected nuclear-plant operations
March 2011: RSA/Lockheed. Target: RSA and Lockheed Martin. Result: Stole SecureIDs
September 2011: Duqu. Target: Iran, Sudan, Syria, and Cuba. Result: Stole digital certifications
May 2012: Flame. Target: Countries in Middle East. Result: Data gathering and exfiltration
January 2013: New York Times. Target: NY Times. Result: Stole data, corporate passwords
October 2013: Adobe Breach. Target: Adobe. Result: Stole customer information and data
December 2013: Target Breach. Target: Target. Result: Stole customer credit card data
CAN Catch: Layered defense, log analytics and visibility tools, signature-less detection technologies (next-generation sandboxing, virtual execution, real-time reputation)
Cannot Catch: STANDALONE ANTIVIRUS, ANTISPAM, LEGACY FIREWALLS, IPS, APPLICATION CONTROL
WatchGuard APT Blocker - Available Today On WatchGuard’s Unified Threat Management Platforms.
WHAT IS AN ADVANCED PERSISTENT THREAT?
Targeted: An individual organization, nation state or even specific technology is the focus. Infiltration is not accidental.
Persistent: It doesn't stop. It keeps phishing, plugging and probing until it finds a way in to serve malware.
Advanced: An unknown, zero day attack that has malware payloads and uses kernel rootkits and evasion-detection technologies.
Spear phishing + Kernel rootkit + Custom malware = APT
NEARLY 88% OF TODAY’S MALWARE can morph to avoid detection by signature-based antivirus solutions.*