the hour-by-hour breakdown of a threat actor inside … · title:...

USE THREAT INTELLIGENCE TO KNOW WHEN YOU’RE A TARGET EMPLOY STRICT PATCH MANAGEMENT PROCESSES LEVERAGE BATTLE-TESTED SECURITY TO REDUCE DWELL TIME Quite simply, threat actors are ‘finding the slow gazelle’ in order to know which environment is most susceptible to attack. TARGET OBSERVATION & SELECTION It’s time to plot the attack. The infiltrators organize their assets, finalize their objective and ready their salvo for deployment. DROP THE CROSSHAIRS They’ve quickly identified a vulnerability within your defense. It didn’t take long. A breach is imminent. TARGET YOUR WEAKNESS Once identified, threat actors get to work mapping and detailing your network, users and any critical or valuable data points that may be leveraged for their operation. MAP A BATTLE PLAN Threat actors use gathered intelligence and begin probing identified access points that may offer little resistance to complete their objective. BEGIN THE ATTACK One of the most critical steps, threat actors are careful to mask their behavior and obfuscate their identity as that of a normal or authorized user. HIDE INSIDE NETWORK SHADOWS They’re in. In fewer than six hours, they’ve mapped your network, identified weaknesses and now have access. LET THE DATA FLOW Before they’ve even stolen your data, they’re already planning their escape. This is critical. PLAN EXFILTRATION It’s not bolted down? Steal it. Assuming the threat actors didn’t have a high-value target (e.g., credit cards, ePHI, EMR, PII) already in mind, they’ll likely take as much data as possible and organize it later. STEAL EVERYTHING It’s time to execute the exfiltration plan. They have your data and now it’s time to cut bait and get paid. WALK OUT THE FRONT DOOR You know what’s even more valuable? An unlocked backdoor. Savvy threat actors will set up a path for future access for additional gains. SET UP FUTURE ACCESS If they didn’t already have a pre-arranged buyer, threat actors begin selling off your data — and that of your customers — to the highest bidders on Dark Web message boards, chat rooms, auctions, paste sites and other nefarious communities. SELL YOUR SECRETS US DataVault.com | 615-933-USDV (8738) | @usdv_mhs 1200 FIGHT BACK? HOW DO YOU Once a threat actor is inside your environment, they’re purposeful, strategic and discreet. But how are they so decisive and successful? Follow their eye-opening hour-by-hour journey through your “secure” environment. THE HOUR-BY-HOUR BREAKDOWN OF A THREAT ACTOR INSIDE YOUR ENVIRONMENT xxx xxx 0400 0800 0100 0200 0300 0600 0700 0900 1000 0500 1100

Upload: others

Post on 20-Sep-2020

0 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: THE HOUR-BY-HOUR BREAKDOWN OF A THREAT ACTOR INSIDE … · Title: Armor-12-Hours-of-a-Threat-Actor-Infographic Author: Armor Subject: The Hour-By-Hour Breakdown of a Threat Actor

USE THREAT INTELLIGENCE TO KNOW WHEN YOU’RE A TARGET

EMPLOY STRICT PATCHMANAGEMENT PROCESSES

LEVERAGE BATTLE-TESTED SECURITY TO REDUCE DWELL TIME

Quite simply, threat actors are

‘finding the slow gazelle’ in order

to know which environment is

most susceptible to attack.

TARGET OBSERVATION & SELECTION

It’s time to plot the attack. The

infiltrators organize their assets,

finalize their objective and ready

their salvo for deployment.

DROP THE CROSSHAIRS

They’ve quickly identified

a vulnerability within your

defense. It didn’t take long.

A breach is imminent.

TARGET YOUR WEAKNESS

Once identified, threat actors get to

work mapping and detailing your

network, users and any critical or

valuable data points that may be

leveraged for their operation.

MAP A BATTLE PLAN

Threat actors use gathered

intelligence and begin probing

identified access points that

may offer little resistance

to complete their objective.

BEGIN THE ATTACK

One of the most critical steps,

threat actors are careful to

mask their behavior and

obfuscate their identity as that

of a normal or authorized user.

HIDE INSIDENETWORK SHADOWS

They’re in. In fewer than six

hours, they’ve mapped your

network, identified weaknesses

and now have access.

LET THE DATA FLOW

Before they’ve even stolen your

data, they’re already planning

their escape. This is critical.

PLAN EXFILTRATION

It’s not bolted down? Steal it.

Assuming the threat actors

didn’t have a high-value target

(e.g., credit cards, ePHI, EMR, PII)

already in mind, they’ll likely

take as much data as possible

and organize it later.

STEAL EVERYTHING

It’s time to execute the

exfiltration plan. They have

your data and now it’s time

to cut bait and get paid.

WALK OUT THEFRONT DOOR

You know what’s even more

valuable? An unlocked

backdoor. Savvy threat actors

will set up a path for future

access for additional gains.

SET UP FUTURE ACCESS

If they didn’t already have a

pre-arranged buyer, threat actors

begin selling off your data — and

that of your customers — to the

highest bidders on Dark Web

message boards, chat rooms,

auctions, paste sites and other

nefarious communities.

SELL YOUR SECRETS

US DataVault.com | 615-933-USDV (8738) |

@usdv_mhs

1200

FIGHT BACK?HOW DO YOU

Once a threat actor is inside your environment, they’re

purposeful, strategic and discreet. But how are they so

decisive and successful? Follow their eye-opening

hour-by-hour journey through your “secure” environment.

THE HOUR-BY-HOUR BREAKDOWN OF A THREAT ACTOR INSIDE YOUR ENVIRONMENT

xxx xxx

0400

0800

0100

0200

0300

0600

0700

0900

1000

0500

1100

Point of Sale Threat Actor Attribution Through POS Honeypots · PDF filePoint of Sale Threat Actor Attribution Through POS Honeypots Kyle Wilhoit Sr. Threat Researcher Trend Micro

Inside Threat - files.tyndale.com · INSIDE THREAT // 2 Less than half an hour after that, ... Genesis, whose 1981 Abacab Tour T-shirt he was currently sporting under a heavy, green

Distribution of Roles Actor 1 Actor 2 Actor 3

CYBER THREAT ACTORS: HACKONOMICS...‘Hackonomics’ Economic perspective of hacking Profile cyber threat actors behaviour: - Case study approach to profiling Create threat actor matrix

Covering the global threat landscape - Quick Heal€¦ · global threat landscape ETERNALBLUE: A PROMINENT THREAT ACTOR OF 2017–2018 Pradeep Kulkarni, Sameer Patil, Prashant Kadam

Cyber Threat Operations€¦ · Cyber Threat Operations Deep Cluster (aka Cluster 2, centred on news.foundationssl[.]com) This cluster relates to the threat actor referred to as Deep

Q3 2017 Lookout Mobile Threat Report€¦ · used to spy on victims through compromised mobile devices and desktops. We believe the attack is associated with a threat actor known

Managing Risk in a Dynamic Cyber Environment · •Usually a person trying to gain access to your systems, can be another system •Threat Vector •The path that the threat actor

ACTOR ACTOR INTER- ACTION [AAI] - uffmm.org

[Exercise Name] Actor Briefing [Date] Actor Briefing [Date]

ANKH: Information Threat Analysis with Actor-NetworK Hypergraphs · ANKH: Information Threat Analysis with Actor-NetworK Hypergraphs Wolter Pieters Faculty of Electrical Engineering,

Despite Infighting and Volatility, Iran Maintains ... · intelligence operations, such as those cited in a February 2019 U.S. Department of Justice ... threat actor groups have continued

Twelfth Night - Two Actor Tour - kyshakespeare.comkyshakespeare.com/wp-content/uploads/2018/03/Tweflth-Night-Two... · Twelfth Night Performance This one-hour interactive performance

Security Threat Intelligence Report...Security researchers have disclosed a vulnerability, dubbed StrandHogg 2.0, in the Android operating system that could allow a threat actor to

Detect and Protect - SafePlus Live San Diego...• Along standing threat actor group involved in Operation SMN, named Axiom by Novetta. • Sophisticated, well funded, and possesses

OBSERVATIONS FROM THE FRONT LINES OF THREAT HUNTING€¦ · In January, OverWatch observed an unidentified criminal actor installing a number of malicious tools on compromised hosts

Iranian Threat Actor Amasses Large Cyber …...CYBER THREAT ANALYSIS Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations By Insikt

VB2020 paper: Another threat actor dayANOTHER THREAT ACTOR DAY... JUNG 2 VIRUS BULLETIN CONFERENCE SEPT - OCT 2020 ABSTRACT In December 2019 our team CERT-XLM responded to an incident

OASFiS People Horizon Archive/eh_oct_17.pdf · 2017. 10. 1. · Fairuza Balk (actor) Jennifer Carpenter (actor) Shannon Elizabeth (actor) Daphane Zuniga (actor) Ken Foree (actor)

Wild Neutron - paper.seebug.org · Indicators of Compromise (IOC) A powerful threat actor known as “Wild Neutron” (also known as “Jripbot” and “Morpho“) has been active

Cyber Threat and Vulnerability Analysis of the U.S ... · determined, well-funded, capable threat actor with the appropriate attack vector can succeed to varying levels depending

Why Human-vetted, Phishing-specific Threat Intelligence Is Best - … · 2020. 7. 9. · When the threat actor is already inside your defenses, they can be quite a challenge to detect—and

THREAT ACTOR DOSSIER Cosmic Lynx · of malicious activity, including Emotet and Trickbot banking Trojans, Android click fraud malware, a popular carding marketplace, and Russian fake

2019-06-26 -Final Risk assessment guidelines and template ... · the capabilities and intent of the threat actors: 3.2.1. Main threat actors • non adversary/accidental threat actor,

CYREN Web Security: Zero Hour Detection WebSecurity V3.0 Zero... · 2016. 5. 27. · CWS 3.0 Threat Architecture NG Sandbox Array AV Lab Manual Analysts ATA Labs (Advanced Threat

THREAT ACTOR DOSSIER Silent Starling - Agari

Preparacion del actor (un actor se prepara) Stanislavski

OPTIV THREAT ACTOR INTEL SERIES #1 RUSSIAN COMPUTER ... · OPTIV TREAT ACTOR INTEL SERIES 1 RUSSIAN COMPUTER NETWORK OPERATIONS 3 INTRODUCTION The past year saw Russian cyber operations

Threat Actor Type Inference and Characterization within

Actor Languages Maher –Motivation –Actor –Actor system Bill –Communication mechanism –Structure of Actor languages –Act’s syntax and examples –Actor-based

HPH-Sector Cyber Threat Actor Modeling with Mitre ATT&CK · audience. Threat Briefings & Webinar. Briefing document and presentation that provides actionable information on health

Chinese Threat Actor TEMP.Periscope Targets UK …...threat actor TEMP.Periscope reused publicly reported, sophisticated TTPs from Russian threat groups Dragonfly and APT28 to target

Lebanese Cedar” APT · Lebanese Cedar APT is a stealth threat actor, which is active for more than 8 years. In this report, we uncover the updated malicious activity of this threat

CYBER THREAT ACTORS: HACKONOMICS · 2020. 8. 12. · Extensive literature exists on cyber threat actors. Applying economic analysis to threat actor modelling. – Cost-benefit framework:

Security FIN8 Threat Actor Goes Agile with New Sardonic