The goal of an APT is to gain access into the power grid network and collect as much information as possible. They use the exfiltration techniques that allow them to transfer sensitive information to their data-miner area also know as Command and Control Center. It is important for the APT to mask the data to resemble normal network traffic so that it detection can be made difficult or almost impossible (Cruz, 2013).
Method for data exfiltration includes:
Backdoors: This method used by the attacker to capture keystrokes, as well as video and audio of the system’s environment, using attached audio microphones and video cameras
File transfer protocols Abuse: Attackers can abuse legitimate Windows features as well. For instance, attackers can …show more content…
IT administrators will not suspect any malicious activity since connecting outside the network is not out of the ordinary (Cruz, 2013).
In our case study, APT used social engineering techniques by crafting email content sent to users that seemed legitimate. Once in the ICS the attacker will look for valuable information and noteworthy assets and the data seen here as the pot of gold is then transfer to the C2 center through tools like Remote Access Trojans (RATs) and other customized tools. Information collected is then used for different purposes such as retaliation, sabotage, data theft, and damage to brand image and reputation.
The APT is likely to install additional tools in order to gain access to servers that could contain users’ credentials. This could be an Active Directory Server from Microsoft or a LDAP Database. The APT’s goal is to collect credentials to gain an elevated access level to the network. At this point of the attack, customized tools and firmware will be installed on all accessible Programmable Logic Controller with the intention to damage to damage or run the ICS in a different way than intended by the …show more content…
This training will include all possible means used by APT to gain access to the company network. (Outside and inside sources, including human errors and negligence). All agencies working directly or indirectly with the Western Interconnection would have to adhere to the National Institute of Standards and Technology. It is used as standard references by the federal government appliances and networks to protect sensitive information. It reinforces the use of the ISMS risk management process and provides guidance to meet a minimum level of information security as required by the FISMA Act of 2002 (Wikipedia, n.d). Written policy should include multi-perspectives on risk including threats, asset, vulnerability space and its
Method for data exfiltration includes:
Backdoors: This method used by the attacker to capture keystrokes, as well as video and audio of the system’s environment, using attached audio microphones and video cameras
File transfer protocols Abuse: Attackers can abuse legitimate Windows features as well. For instance, attackers can …show more content…
IT administrators will not suspect any malicious activity since connecting outside the network is not out of the ordinary (Cruz, 2013).
In our case study, APT used social engineering techniques by crafting email content sent to users that seemed legitimate. Once in the ICS the attacker will look for valuable information and noteworthy assets and the data seen here as the pot of gold is then transfer to the C2 center through tools like Remote Access Trojans (RATs) and other customized tools. Information collected is then used for different purposes such as retaliation, sabotage, data theft, and damage to brand image and reputation.
The APT is likely to install additional tools in order to gain access to servers that could contain users’ credentials. This could be an Active Directory Server from Microsoft or a LDAP Database. The APT’s goal is to collect credentials to gain an elevated access level to the network. At this point of the attack, customized tools and firmware will be installed on all accessible Programmable Logic Controller with the intention to damage to damage or run the ICS in a different way than intended by the …show more content…
This training will include all possible means used by APT to gain access to the company network. (Outside and inside sources, including human errors and negligence). All agencies working directly or indirectly with the Western Interconnection would have to adhere to the National Institute of Standards and Technology. It is used as standard references by the federal government appliances and networks to protect sensitive information. It reinforces the use of the ISMS risk management process and provides guidance to meet a minimum level of information security as required by the FISMA Act of 2002 (Wikipedia, n.d). Written policy should include multi-perspectives on risk including threats, asset, vulnerability space and its