Lau Boon Peng: Advanced Persistent Threats
A Technical Analysis
FireEye, Inc.
The New Threat Landscape
• Cyber-espionage and cybercrime accelerating
• Nature of threats changing: from broad victims (common worms, viruses, bots) to targeted, high-profile victims (e.g., RSA, Symantec, Google)
[Chart: threat evolution 2004 to 2012, from worms, viruses and bots toward zero-day exploits, targeted attacks, dynamic trojans and stealth bots]
• Multi-Vector: Web, email or files
• Multi-Stage: Exploit to exfiltration
[Diagram: multi-stage attack lifecycle across the public Internet and the enterprise. Stages: 1 Initial Request, 2 Infected Content, 3 Further Infection, 4 Updated Exploits, 5 Call Back. Components: malicious exploits hosted on a compromised web server or Web 2.0 site, attack and drop zones, command and control / callback server, spread of infection; web-based attacks, malicious files and spear-phishing email entering past the enterprise perimeter (NGFW, FW, SWG, AV)]
1 Spear phish attack exploits PC
• More than 50% use malicious URLs
• Attachments: PDF, PPT, XLS and DOC
• Targeted mid- & high-level energy execs
• Also targeted vendors (Investment Bankers, Oil & Gas Service companies)
2 Exploit in ZIP linked to initial exploit
3 Callbacks
• Second phase: related objects and callbacks to RSA intrusion
• Data exfiltration commences: sensitive data, mail servers, passwords
[Chart: distribution of incidents per week per Gbps (x-axis 10 to 100,000, log scale; y-axis 0% to 60%). Median is about 450 incidents/week/Gbps. Source: FireEye Advanced Threat Report, Feb. 2012]
Threat actors
• Crimeware Actors (cyber crime gangs)
• Hacktivists (Anonymous, LulzSec)
• APT Actors (nation state threats)
[Diagram: APT Actors and Crimeware Actors; sell compromised systems (access & control over)]
Malware Protection
• Exploit, callback, and payload protections with real-time deep
Twitter @fireeye
www.fireeye.com
Sign Up for a Free FireEye Security Assessment
http://www.fireeye.com/stopapts