
The Cybersecurity Threat Landscape Group Assignment

Advanced Persistent Threat 28- Fancy Bear

ADVANCED PERSISTENT THREAT 28- FANCY BEAR

Introduction:

Another factor contributing to cybersecurity breaches is the availability of knowledge on the internet for exploiting or hacking a system. The internet can provide detailed instructions on downloading and using a tool that could compromise an organization’s security while preserving the hacker’s anonymity. With just a few programs, a hacker can track and exploit personal passwords or deliver a phishing email. If the link in that email gets clicked, the hacker can be inside your system without detection. It is crucial that we understand the threat landscape and what is out there in order to help avoid compromise of company data. The most common types of attack on businesses today are:

“Hacking passwords: Can be as easy as an educated guess or through the use of a “brute force attack” until they can generate the correct password. (Diedrich, 2019)”
“Phishing: This is where the user receives an email with an infected link. When a person clicks on this link, a virus or malware is released that infects the device and can spread through the network until it is contained. (Diedrich, 2019)”
“Man-in-the-Middle Attack: This is where the attacker hijacks the traffic between two network devices by substituting one of the devices’ IP addresses with a fake one, enabling the messages being transmitted to be intercepted and retrieved. (Diedrich, 2019)”
“Rootkit: Intended to gain administrative rights and access to a network device. Once installed, hackers have full and unrestricted access to the device and can execute any action such as spying on users or stealing confidential information without being noticed. (Diedrich, 2019)”
“Computer Viruses: Are software designed to spread among devices within a network rapidly. Depending on its purpose, ransomware can infect, edit, or delete files. Hackers also use computer viruses to send spam messages. (Diedrich, 2019)”

Over the last few years, there has been an increase in devices connected to the internet. These devices are called the Internet of Things (IoT). “This includes everything from cell phones, headphones, coffee makers, wearable devices and almost anything else you can think of.” (Morgan, 2014) With new technology, billions of devices are connected to the internet each day, often with no security in mind during their development.

Figure 1 – Threat Landscape Mapping (Cybersecurity, 2021)

Cybercriminals’ main goal is to make money and to steal data or personal information that can be sold to the highest bidder for profit. Cybercriminals have many ways to achieve their goals, but the main two are phishing and ransomware. Phishing is a social engineering attack in which a victim is tricked into giving out personal information, whether login or credit card details. The majority of the time, phishing emails are sent by companies or people pretending to be someone they are not. Ransomware is where your information or computer files are held hostage, and the user has to pay a fee to get that information back. Both of these cybercriminal tactics are used to achieve monetary gain.

Insider threats are the hardest to predict. They can be other employees in your company. These types of threat actors can be deliberate or intentional. They are the hardest to spot and usually have the most access to a company’s network. They typically can work around all of an organization’s cybersecurity framework, making them a more significant threat.

Threat actors use many different types of exploit vectors and vulnerabilities. A vulnerability is a flaw in a system that leaves it open to exploitation, or a weakness in a computer system itself that leaves information security exposed to a threat. Here are some vulnerabilities that can leave a system open to threat actors: missing data encryption, OS command injection, SQL injection, buffer overflow, missing authorization, unrestricted upload of dangerous file types, and reliance on untrusted inputs in a security decision.

An exploit vector is a software vulnerability or security flaw through which an attacker can access a network to deliver a payload or cause adverse outcomes such as viruses, Trojan horses, worms, and spyware. (Foster, 2020) A good administrator who knows network hardening and has a foundation in cybersecurity education can prevent these types of attacks from occurring.

network undetected for a long period of time to obtain as much information as possible about a country, organization, or group. The APT is different from your traditional Threat Actors, who have more of a grab-and-go philosophy. APTs choose more significant and challenging targets with longer-term goals. Regarding the APT 28, “Fancy Bear,” the targets seemed to be of Russian origin.

Analysis, Description, and Tactics of APT 28

After APT 28 successfully infiltrated a target with its spear-phishing tactic, it would start to exploit and enumerate the target with malware tools. For APT 28, the malware tools of choice were SOURFACE, CHOPSTICK, and CORESHELL (FireEye, 2014). APT 28’s developers were experienced with computers and knew their tools could easily be compromised, so they made sure to continually update the tools over their seven-year reign (2007-2014). APT 28 was effective because, after a successful spear-phishing attempt, the SOURFACE downloader contacted a command and control (C2) server for the second-stage payload, enabling continued and long-term exploitation (FireEye, 2014).

Through much research by the European Union, and after reviewing the spear-phishing emails and the malware collection, it was proven that the activity came from a Russian-affiliated group. They determined this by observing that the attackers were fluent in English and Russian in the spear-phishing emails sent to Caucasus journalists. They were also able to investigate the times at which the malware was built, which indicated a workday in UTC+4.
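The build-time argument above rests on a simple analyst technique: shift each sample's compile timestamp into every candidate UTC offset and see which offset makes the most samples land in a normal working week. The following is an added example, not code from the paper or from FireEye; the compile timestamps are constructed for illustration and are not real APT 28 samples.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of malware compile timestamps in UTC (not real APT 28 data);
# chosen so that they cluster inside a Monday-to-Friday working day when shifted
# to UTC+4, the offset the paper reports for the group's workday.
SAMPLE_COMPILE_TIMES_UTC = [
    "2013-03-04 05:15", "2013-03-04 13:40", "2013-03-05 05:30", "2013-03-05 13:10",
    "2013-03-06 07:00", "2013-03-07 10:45", "2013-03-08 05:50", "2013-03-08 13:55",
    "2013-03-09 08:00",  # a Saturday: should fall outside any working week
    "2013-03-11 09:30",
]


def parse_utc(stamps):
    """Parse 'YYYY-MM-DD HH:MM' strings as timezone-aware UTC datetimes."""
    return [datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)
            for s in stamps]


def business_hours_score(times, offset_hours, start=9, end=18):
    """Count timestamps that fall on a weekday between start and end (local
    time) once shifted into the candidate UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for t in times:
        local = t.astimezone(tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits


def infer_working_offset(stamps, offsets=range(-12, 15)):
    """Return (best_offset, {offset: score}): the whole-hour UTC offset under
    which the most compile times land in a working week. Ties are broken in
    favour of the offset closest to UTC, so a unique winner is what matters."""
    times = parse_utc(stamps)
    scores = {off: business_hours_score(times, off) for off in offsets}
    best = max(scores, key=lambda off: (scores[off], -abs(off)))
    return best, scores


if __name__ == "__main__":
    best, scores = infer_working_offset(SAMPLE_COMPILE_TIMES_UTC)
    print(f"most plausible workday offset: UTC{best:+d}")
    for off in (best - 1, best, best + 1):
        print(f"  UTC{off:+d}: {scores[off]} of {len(SAMPLE_COMPILE_TIMES_UTC)} in business hours")
```

On real data the histogram is only one signal; compile timestamps can be forged or zeroed, so analysts weigh it together with language artefacts like those the paper describes.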

Part 3: Cybersecurity Tools, Tactics, and Procedures completed by Jovan.

Cybersecurity attacks have increased in recent years. Both individuals and organizations have become mindful of the importance of evolving to adapt to new cyber threats to secure network infrastructure. However, Cybersecurity is a broad term that comprises many tools, tactics, techniques, and procedures available to an organization. There are many modern systems, strategies, and algorithms that still lack the means to keep cyber dangers at bay. Utilizing the top-down approach or outside-in model, an organization will create a protective perimeter around their intellectual property and other sensitive data.


The email document contained embedded malware links and code that installed a customized version of SOURFACE, CHOPSTICK, and CORESHELL onto the system. Once installed, SOURFACE obtains a second-stage backdoor from a command and control (C2) server. The C2 server supplies the second-stage payload used for “reconnaissance, monitoring, credential theft, and shellcode execution,” as depicted in Figure 2 (FireEye, 2014).

Part 4: Machine Learning and Data Analytics completed by Jovan.

Machine learning (ML) is a component of artificial intelligence that consists of systems that can learn and improve from data with minimal human intervention instead of being preprogrammed with specific and limiting instructions (IBM Cloud Education, 2020). The goal of ML is to allow computers to learn and make decisions the same way a human would, but their response time and methods would be faster and more effective. ML uses data analytics to analyze and process massive amounts of data. Data analytics is the process of “extracting data and categorizing it to derive various patterns, relations, connections, and other such valuable insights” (IntelliPaat, 2017). ML can identify patterns, differences, and similarities in a system to verify the desired result. ML will continuously evolve, learn, and adapt as it continues to see more and more data, which will improve the accuracy of its decisions (IBM Cloud Education, 2020). There are two popular and widely adopted ML methods in use today, known as supervised and unsupervised learning. Supervised learning algorithms are trained by processing data that is labeled as the known or desired output. For example, a computer vision ML algorithm used to identify and track an endangered tiger in the wild would be trained with a data set of tiger images (SAS Institute, n.d.). The images would be labeled as correct and incorrect outputs so the ML algorithm can compare both with its known output to identify errors and modify the model. By doing so, the supervised learning algorithm will not only learn to identify the specified target accurately, but it can also use the historical data to predict animal behavior.

ML can be used in the cybersecurity field to examine the mountains of data from malware attacks, incident reports, and alerts in order to better identify potential threats, recommend action, and react to those threats without human interaction. According to Gottsegen (2020), there were more than 10.5 billion malware attacks, generating massive amounts of data, in 2018. In 2018, Microsoft employed ML in its Windows Defender Advanced Threat Protection platform to detect, prevent, and protect Windows operating systems from dangerous malware (Microsoft, 2018). The malware in question is called Emotet, named after the Ancient Egyptian King; it was designed initially as banking malware that was installed on a victim’s computer to steal sensitive and private information. Microsoft uses client-side and cloud-side ML models to instantly and automatically protect the systems the software is installed on (Microsoft, 2018). Many other cybersecurity companies, such as Chronicle, Splunk, and SQRRL, utilize ML to identify malicious software, websites, and network activity (Gottsegen, 2020).

Part 5: Using Machine Learning and Data Analytics to Prevent APT completed by Kellsey.

known malware and spoofed websites (Jareth, 2020). However, with the cross-referencing method the antivirus software can only detect malware that has been entered into its database.

names and detect malware (Jareth, 2020). There are some issues that any antivirus scanner software would need to overcome before it is the primary means of defense, but the possibility of

For the APT your group studied, were there identifiable harms to privacy or property? How are these harms linked to C-I-A? If not, what ethically significant harms could result from the scenario your group researched?

-For APT28 there were identifiable harms to privacy and property, because the group was breaching government property by launching surgical attacks on network infrastructure. This APT was also compromising high-ranking officials’ logins and passwords and important documents, and maintaining a backdoor for continued attacks. Cyberthreats to privacy include identity theft, hacking information for blackmail, extortion, and other forms of unethical manipulation of people’s will (Manjikian, 2017). Property harm is best described as cyber intrusion that steals valuable property such as trade secrets or passwords, or that damages an organization’s digital or physical property (Manjikian, 2017).

Identifiable harms are linked to this part of the triad because if an authorized user is accessing sensitive information but is not aware that his account has been compromised, the individual would be giving the cyber attackers all the information they need as they monitor the workstation.

For the APT your group studied, when the targeted organization identified the breach, was the disclosure made with transparency? Do you feel the organization acted ethically? Why or why not?


References

Diedrich, S. (2019, July 19). 10 Types of Network Security Attacks. Retrieved from NewCloud Blog: https://blog.newcloudnetworks.com/10-types-of-network-security-attacks

FireEye. (2014, October 27). APT28: A Window into Russia’s Cyber Espionage Operations. Retrieved from FireEye: https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html

Harris, D. K. (2020, September 16). The changing threat landscape in today’s Cybersecurity. Retrieved from Security Magazine:


Manjikian, M. (2017). Cybersecurity Ethics: An Introduction (1st ed.). Routledge.

Microsoft. (2018, February 14). How artificial intelligence stopped an Emotet outbreak. Microsoft Security. https://www.microsoft.com/security/blog/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/

What is the CIA Triad? (2020, March 25). Forcepoint. https://www.forcepoint.com/cyber-edu/cia-triad

Wittkop, J. (2020, September 2). What Is Data Protection? Www.intelisecure.com. https://www.intelisecure.com/what-is-data-protection/
