Undermining security infographic

APT 18 UNDERMINING SECURITY
THE BAD GUYS HAVE TESTED A POWERFUL PROOF-OF-CONCEPT ATTACK AND PROVEN IT WORKS. WILL YOU BE THE NEXT TARGET?

ONLY A TEST / PROOF OF CONCEPT

KEYS & CERTIFICATES INTRODUCTION
As reported by Time, Bloomberg, and others, the known Chinese cyber-espionage operator APT18 compromised a Fortune 200 American health services organization and stole data on 4.5 million patients.
ATTACKERS BYPASSED SECURITY CONTROLS: using compromised keys and certificates.

ATTACK STAGE 1: STOLE PRIVATE KEYS
Attackers used Heartbleed to compromise private keys.
ATTACKERS BYPASSED SECURITY CONTROLS: in addition to Heartbleed, they could have used any of the millions of malware variants that steal keys and certificates to bypass security controls.

ATTACK STAGE 2: GAINED ACCESS
The attackers breached the company using stolen private keys and VPN credentials. The private keys were used to decrypt live data (name, ID, SSN, address).
ATTACKERS BYPASSED SECURITY CONTROLS: circumventing firewalls, authentication, and other security controls.

ATTACK STAGE 3: EXPANDED FOOTHOLD
Once in, attackers worked to elevate privileges and expand access. They stole or created new SSH keys and certificates for future backdoor access and exfiltration of data.
ATTACKERS BYPASSED SECURITY CONTROLS: including firewall, authentication, VPN and privileged access controls, by using stolen keys and certificates to hide their activity.

ATTACK STAGE 4: EXFILTRATED DATA
The attackers exfiltrated data using SSL. Most security controls do not conduct SSL inspection or have ALL of the keys necessary to decrypt ALL traffic, leaving a huge blind spot.
ATTACKERS BYPASSED SECURITY CONTROLS: used encrypted SSL/TLS communications to bypass security controls, including DLP, IDS/IPS, threat detection, sandboxing, etc.

WARNING
APT18's test attack was vastly successful in stealing data by undermining the existing security systems. What will be their next target? Have you protected your keys and certificates from misuse, such as a Heartbleed compromise, malware, or other exploits?

PROTECT YOUR BUSINESS
1. Secure: Find all keys and certificates
2. Enforce: Apply policies and workflow requirements
3. Detect: Identify changes, misuse, and anomalies
4. Respond: Replace keys and certificates automatically

Learn how to protect your business at www.venafi.com/apt18-attack
