Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
¶ … Persistent Threats (APT) Summit occurred in July of 2011 over two days in Washington DC and was an attempt to bring together the top leaders from the government and from business to help target the influence that such threats pose. The summit also functioned as a means for drafting up ways to protect against the most detrimental APTs and to discuss defense mitigation (rsa.com). Advanced Persistent Threats are essentially "needles in a haystack" and they are small but significant threats that can too easily go undetected in the entire system. The summit did draft up some of the most multi-faceted recommendations. For instance, the summit leaders urged "chief executives in every industry sector not to delay devoting attention and funding to combat advanced threats and to 'plan and act as though you've already been breached.' Lawmakers urged to remove legal barriers that impede information sharing among global security ecosystem.Real-time intelligence sharing, early detection, end-user security training and testing and incident response named key elements to better defend against advanced threats and recover from inevitable cyber attacks" (emc.com, 2011). But the reality is that this summit found the need to compel the RSA to bring an enhanced level of furthered education via dialogue through cyber security, business leaders and government leaders throughout the world, through a range of intensive and advanced threat summits at regularly scheduled intervals throughout the year.
One finding that was highly significant as a finding during this summit was the fact that there was a pronounced transformation in vector shifting with a more pronounced target on people. For instance, it was found that the newest perimeter is that of the individual -- the human being (rsa.com). Another terribly relevant finding was that "Anyone can be phished given the right context -- and attackers have growing access to information about would-be targets through social networking sites that help them identify the right people to go after within the organization and also personalize their attacks" (rsa.com). Furthermore, an enhanced finding demonstrated how user training...
This training needs to be paired up with user restrictions and combined visibility as a more successful means of control (rsa.com).
The vulnerabilities that existed within the system were that the system was too easily compromised. Once a hacker had gained even the most minimal access, he was able to engage the system in a range of full-scale attacks, getting to higher and higher levels of access.
Successful Attack Methods Carried Out
Regarding the authentication breach, the attack methods used in this case revolved around methods of hacking individual employees of the company, rather than the company infrastructure itself. For instance, "The first thing actors like those behind the APT do is seek publicly available information about specific employees -- social media sites are always a favorite. With that in hand they then send that user a Spear Phishing email. Often the email uses target-relevant content; for instance, if you're in the finance department, it may talk about some advice on regulatory controls" (rsa.com, 2011). In this particular case, phishing emails were sent to low profile employees who weren't terribly high value: the subject line of the email read "2011 recruitment plan" (rsa.com, 2011). The email was actually written well enough to trick one of the employees in retrieving it from their junk mail folder and opening up the attached excel file: "The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609). As a side note, by now Adobe has released a patch for the zero-day, so it can no longer be used to inject malware onto patched machines" (rsa.com, 2011). The attacker then set a form of remote administration in place which facilitated the attacker in controlling the machine, giving it access from a remote location (rsa.com, 2011). At this point digital shoulder surfing is established, getting clear on this particular employee's level of access: "One cannot stress enough the point about APTs being, first and foremost, a new…
References
Cohen-Abravanel, D. (2013, April 22). Spear Phishing Emails -- Can You Really Prevent Them? Retrieved from Seculert.com: http://www.seculert.com/blog/2013/04/spear-phishing-emails.html
Emc.com. (2011). Cyber Security Leaders Rally to Combat Advanced Persistent Threats. Retrieved from Emc.com: http://www.emc.com/about/news/press/2011/20110913-01.htm
Rsa.com. (2011, April). Anatomy of an Attack. Retrieved from Rsa.com: https://blogs.rsa.com/anatomy-of-an-attack/
Rsa.com. (2011). APT Summit findings. Retrieved from Rsa.com: http://www.rsa.com/innovation/docs/APT_findings.pdf
The operating system faced these issues due to the lackluster approach from Apple to patch their software in time. As a result, it led to risking the data of personal users. It shows that irregularities in the patching of computers affected users adversely without any fault of their own (Daily Tech, 2012). In addition to that, the operating system of Apple is now considered as one of the most favored
Cyber Security/Cloud Computing Consider a recent cyber security breach (specific event) and address the following questions: Describe the circumstances involved Monster Com: Confidential information of 1.3 million job seekers was stolen and used in a phishing fraud Monster.Com, a United States online recruitment site reported in 2008 that hackers broke into the site using password-protected resume library. They used credentials that Monster Worldwide Inc. claims were stolen from some of its clients. Reuters reported
Cybersecurity as an Organizational Strategy: An Ethical and Legal Perspective Cybersecurity as Organizational Strategy Across the board -- in business, society, and government -- the promise of cyber capabilities are matched by potential peril. The cyber environment is never static, but it is perhaps most agile in response to the continual stream of emerging cyber threats and realized cyber attacks ("PCAST," 2007). Cybersecurity must be agile. The challenges that must be met
Cybersecurity Vulnerability What are Vulnerabilities? Hardware attacks because of Vulnerabilities Hardware Data modification / injection The Scientist Argument Secure Coprocessing How organizations can best address its potential impacts Cybersecurity Vulnerability: Hardware Weakness This essay introduces the role that computer hardware weakness opens the door up for attack in cyber-physical systems. Hardware security -- whether for attack or defense -- is not the same as software, network, and data security on account of the nature of hardware. Regularly, hardware
The level and sophistication of this attack on the Department of Defense's systems suggests that professionals conducted this attack with significant resources at their disposal and an interest in the national security secrets of the United States. The data mining operation was so successful that, while detected, still managed to make-off with a significant amount of information. Since the attack, the United States responded in a number of critical ways.
Cyber Security Ethical issues associated with ransomware It is only natural that people who are known to you will send you messages through your email address. It is lost on me how those engaging in ransomware business access information about their potential victims like the email address as to send you messages that have been infected that when opened infect the whole computer. These people engage in irregular activities. For the residents