Research reveals that some “advanced” threats are actually simple to execute

Imperva Inc. has released its April Hacker Intelligence Initiative report, "The Non-Advanced Persistent Threat." The report presents an in-depth view of how some techniques attributed to so-called Advanced Persistent Threats (APTs) require only basic technical skills. The report exposes simple ways that attackers are obtaining access privileges and accessing protected data by targeting weaknesses of the Microsoft NTLM protocol using nothing more than knowledge of common Windows protocols, basic social engineering, and readily available software.

  • 10 years ago Posted in

"As our research team reveals in our Hacker Intelligence Initiative Report, some APTs are relatively simple to execute,” said Amichai Shulman, CTO of Imperva. “There needs to be a fundamental shift in how we view APTs and how we protect against them. These types of attacks are difficult to prevent and our report shows that they can be conducted relatively easily. In order to mitigate damage, security teams need to understand how to protect critical data assets once intruders have already gained access.”


The report focuses on the phases of escalating privileges and collecting information, showing how attackers achieve their goals without resorting to zero-day vulnerabilities or sophisticated exploits. This research examines how attacks target commonly known weaknesses in the Windows NTLM protocol, a standard Microsoft authentication protocol. This protocol, while considered weak, is still widely used in corporate environments. The research then shows how attackers can exploit these vulnerabilities to expand their reach within a target organization and access critical data assets. Finally, the report details how organizations can protect themselves and their most sensitive data against the outcomes of such attacks.


Key findings from the report:
· Data breaches commonly associated with APT can be achieved by relatively simple (and commonly available) means, using basic technical skills.
· Built-in Windows functionality, combined with seemingly “innocent” file shares and SharePoint sites, can provide attackers with an entry-point to accessing an organization’s most critical data.
· A mitigation strategy should be implemented that focuses on monitoring the authentication process itself and data access patterns, in addition to tailoring authorization mechanisms for increased security.
 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...