Thursday, 8 December 2011

Webinar: Advanced Persistent Defence

By: Marcus Carey, RAPID7
Time: 00:30 AM - 01:30 AM, Thu 08 Dec 2011

In the webinar he focused specifically on attacks overall and how APT is spreading.

I am summarizing the points in this post:

1. Most Attacks require Human Interaction
- Clicking bad links / files
- USB media
Of the above, 29.80% are technical attacks.
70.80% is done by social engineering, i.e. attacking the mind of the user.

A special note was made that mass malware packs are publicly available, and that 99%+ of attacks don't involve a 0day.

2. Perimeter Exploit Exposure
- MS11-083
  Attackers could send UDP data through closed ports
- Network Egress Points
  No filtering TCP/UDP
  Maintaining Firewall Rules
  Legacy rules in place

3. Web Application Long Tail
- Problem
  Many 2011 breaches used SQL Injection

- Mitigation
  Intense code review when changes are made
  Regular assessment for deployed code

4. Social Engineering
- People open malicious links/executables
- Can lead to complete compromise of system
- Phishing is the leading cause of compromise (70.8%)
