Research reveals that some “advanced” threats are actually simple to execute
LONDON, UK., May 6, 2014 – Imperva, pioneering the third pillar of enterprise security with a new layer of protection designed specifically for physical and virtual data centers, today released its April Hacker Intelligence Initiative report, “The Non-Advanced Persistent Threat.” The report presents an in-depth view of how some techniques attributed to so-called Advanced Persistent Threats (APTs) require only basic technical skills. The report exposes simple ways that attackers are obtaining access privileges and accessing protected data by targeting weaknesses of the Microsoft NTLM protocol using nothing more than knowledge of common Windows protocols, basic social engineering, and readily available software.
“As our research team reveals in our Hacker Intelligence Initiative Report, some APTs are relatively simple to execute,” said Amichai Shulman, CTO of Imperva. “There needs to be a fundamental shift in how we view APTs and how we protect against them. These types of attacks are difficult to prevent and our report shows that they can be conducted relatively easily. In order to mitigate damage, security teams need to understand how to protect critical data assets once intruders have already gained access.”
The report focuses on the phases of escalating privileges and collecting information, showing how attackers achieve their goals without resorting to zero-day vulnerabilities or sophisticated exploits. This research examines how attacks target commonly known weaknesses in the Windows NTLM protocol, a standard Microsoft authentication protocol. This protocol, while considered weak, is still widely used in corporate environments. The research then shows how attackers can exploit these vulnerabilities to expand their reach within a target organization and access critical data assets. Finally, the report details how organizations can protect themselves and their most sensitive data against the outcomes of such attacks.
Key findings from the report:
– Data breaches commonly associated with APT can be achieved by relatively simple (and commonly available) means, using basic technical skills.
– Built-in Windows functionality, combined with seemingly “innocent” file shares and SharePoint sites, can provide attackers with an entry-point to accessing an organization’s most critical data.
– A mitigation strategy should be implemented that focuses on monitoring the authentication process itself and data access patterns, in addition to tailoring authorization mechanisms for increased security.
Imperva, pioneering the third pillar of enterprise security, fills the gaps in endpoint and network security by directly protecting high-value applications and data assets in physical and virtual data centers. With an integrated security platform built specifically for modern threats, Imperva data center security provides the visibility and control needed to neutralize attack, theft, and fraud from inside and outside the organization, mitigate risk, and streamline compliance. Over 3,000 customers in more than 75 countries rely on our SecureSphere® platform to safeguard their business. Imperva is headquartered in Redwood Shores, California. Learn more: www.imperva.com, our blog, on Twitter.