Abstract
Cyber security has received a high level of attention because of its criticality and the increasing sophistication of attacks on organizational networks. The number of targeted attacks has grown in recent years. Advanced Persistent Threats (APTs) are the most complex and highly sophisticated attacks in the present scenario. Because of their sophistication, they can bypass the deployed security controls and stealthily infiltrate the targeted internal network. Detecting these attacks is very challenging because they mimic normal behavior to hide from traditional detection mechanisms. In this paper, we analyze 26 APT campaign reports and show the different methods and techniques that attackers use to perform these sophisticated attacks. Our research focuses mainly on three levels of investigation of APT campaigns, which yield some common characteristics, such as whether or not an APT attack uses a zero-day vulnerability. Furthermore, based on these characteristics, we propose a novel approach capable of early detection of APTs and also suggest concrete prevention mechanisms that make it possible to identify intrusions as early as possible.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Yadav, R., Verma, R.N., Solanki, A.K. (2019). Defense-in-Depth Approach for Early Detection of High-Potential Advanced Persistent Attacks. In: Ray, K., Sharma, T., Rawat, S., Saini, R., Bandyopadhyay, A. (eds) Soft Computing: Theories and Applications. Advances in Intelligent Systems and Computing, vol 742. Springer, Singapore. https://doi.org/10.1007/978-981-13-0589-4_19
DOI: https://doi.org/10.1007/978-981-13-0589-4_19
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-0588-7
Online ISBN: 978-981-13-0589-4
eBook Packages: Intelligent Technologies and Robotics (R0)