Advanced Persistent Threats Against RSA Tokens Essay

… Persistent Threats (APT) Summit occurred in July of 2011 over two days in Washington DC and was an attempt to bring together top leaders from government and business to help address the influence that such threats pose. The summit also served as a forum for drafting ways to protect against the most detrimental APTs and for discussing defense mitigation (rsa.com). Advanced Persistent Threats are essentially "needles in a haystack": small but significant threats that can too easily go undetected across the entire system. The summit drafted a set of multi-faceted recommendations. For instance, the summit leaders urged "chief executives in every industry sector not to delay devoting attention and funding to combat advanced threats and to 'plan and act as though you've already been breached.' Lawmakers urged to remove legal barriers that impede information sharing among global security ecosystem. Real-time intelligence sharing, early detection, end-user security training and testing and incident response named key elements to better defend against advanced threats and recover from inevitable cyber attacks" (emc.com, 2011). The summit also found a need for RSA to further this education through dialogue among cyber security, business and government leaders throughout the world, via a range of intensive advanced threat summits held at regularly scheduled intervals throughout the year. One highly significant finding of the summit was a pronounced shift in attack vectors toward targeting people. For instance, it was found that the newest perimeter is the individual -- the human being (rsa.com).
Another highly relevant finding was that "Anyone can be phished given the right context -- and attackers have growing access to information about would-be targets through social networking sites that help them identify the right people to go after within the organization and also personalize their attacks" (rsa.com). Furthermore, an enhanced finding demonstrated how user training...

This training needs to be paired with user restrictions and combined visibility as a more successful means of control (rsa.com).
The core vulnerability of the system was that it was too easily compromised. Once an attacker had gained even the most minimal access, he was able to launch a range of full-scale attacks against the system, reaching higher and higher levels of access.

Successful Attack Methods Carried Out

In the authentication breach, the attack methods centered on compromising individual employees of the company rather than the company infrastructure itself. For instance, "The first thing actors like those behind the APT do is seek publicly available information about specific employees -- social media sites are always a favorite. With that in hand they then send that user a Spear Phishing email. Often the email uses target-relevant content; for instance, if you're in the finance department, it may talk about some advice on regulatory controls" (rsa.com, 2011). In this particular case, phishing emails were sent to low-profile employees who weren't particularly high value: the subject line of the email read "2011 recruitment plan" (rsa.com, 2011). The email was written well enough to trick one of the employees into retrieving it from their junk mail folder and opening the attached Excel file: "The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609). As a side note, by now Adobe has released a patch for the zero-day, so it can no longer be used to inject malware onto patched machines" (rsa.com, 2011). The attacker then put a form of remote administration in place, which let the attacker control the machine from a remote location (rsa.com, 2011). At this point the attacker engages in digital shoulder surfing to establish this particular employee's level of access: "One cannot stress enough the point about APTs being, first and foremost, a new…
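The delivery path described above (a spreadsheet carrying Flash content, released from the junk folder by its recipient) suggests a gateway-side check. The following is an added example, not code from the essay or from RSA: it scans a legacy Office attachment for embedded Flash markers. The `triage` policy, its return values and the sample byte strings are assumptions made for illustration.

```python
import re
import struct

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc/.ppt container
# SWF header: FWS (raw), CWS (zlib) or ZWS (LZMA), a version byte, then a 4-byte length.
SWF_HEADER = re.compile(rb"(FWS|CWS|ZWS)([\x01-\x40])(.{4})", re.DOTALL)
FLASH_PROGID = "ShockwaveFlash.ShockwaveFlash"  # ProgID of the Flash ActiveX control


def find_embedded_flash(data):
    """Heuristic byte scan of an OLE2 Office file for embedded Flash content.

    OLE2 streams can be fragmented across sectors, so a miss is not proof of absence.
    """
    if not data.startswith(OLE2_MAGIC):
        return []
    hits = []
    for m in SWF_HEADER.finditer(data):
        declared_len = struct.unpack("<I", m.group(3))[0]
        # A real SWF declares at least its 8-byte header; the upper bound is a sanity limit.
        if 8 <= declared_len <= 64 * 1024 * 1024:
            hits.append({"kind": "swf_header", "offset": m.start(),
                         "signature": m.group(1).decode(), "version": m.group(2)[0]})
    for needle in (FLASH_PROGID.encode("ascii"), FLASH_PROGID.encode("utf-16-le")):
        offset = data.find(needle)
        if offset != -1:
            hits.append({"kind": "flash_progid", "offset": offset})
    return hits


def triage(message):
    """Hypothetical gateway policy: message is {'folder': str, 'attachments': [bytes]}."""
    if any(find_embedded_flash(a) for a in message["attachments"]):
        return "quarantine"
    if message["folder"] == "junk" and message["attachments"]:
        return "hold_for_review"  # the user cannot release it from junk unaided
    return "deliver"


# Constructed samples: minimal byte strings, not real spreadsheets.
SAMPLE_XLS = OLE2_MAGIC + b"\x00" * 504 + b"FWS\x0a" + struct.pack("<I", 4096) + b"\x00" * 64
CLEAN_XLS = OLE2_MAGIC + b"\x00" * 568

if __name__ == "__main__":
    print(find_embedded_flash(SAMPLE_XLS))
    print(triage({"folder": "junk", "attachments": [SAMPLE_XLS]}))
    print(triage({"folder": "junk", "attachments": [CLEAN_XLS]}))
```

The scan is a triage heuristic; a production gateway would parse the OLE2 directory and inspect each stream rather than rely on contiguous bytes.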

Sources used in this document:
References

Cohen-Abravanel, D. (2013, April 22). Spear Phishing Emails -- Can You Really Prevent Them? Retrieved from Seculert.com: http://www.seculert.com/blog/2013/04/spear-phishing-emails.html

Emc.com. (2011). Cyber Security Leaders Rally to Combat Advanced Persistent Threats. Retrieved from Emc.com: http://www.emc.com/about/news/press/2011/20110913-01.htm

Rsa.com. (2011, April). Anatomy of an Attack. Retrieved from Rsa.com: https://blogs.rsa.com/anatomy-of-an-attack/

Rsa.com. (2011). APT Summit findings. Retrieved from Rsa.com: http://www.rsa.com/innovation/docs/APT_findings.pdf