Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1
Advanced Targeted Attacks — The Attack Lifecycle
Today’s Cybercriminal Profile
• Armed with drag and drop toolkits
• Committed to multi-stage, multi-vector plan of attack
• Goal to breach defenses to obtain valuable information
STAGE 1: System Exploitation
• Drive-by attacks and casual browsing
• Delivered via Web or email
• Blended attack across multiple threat vectors
STAGE 2: Binary Payloads Downloaded, Long-Term Control Established
• Additional malware binaries downloaded
• One exploit equals dozens of infections on the same system
• Criminals establish long-term control mechanisms
STAGE 3: Malware Callbacks
• Malware calls criminal servers for instruction
• Replicates and disguises itself to avoid scans
• Malware communications allowed through firewall
STAGE 4: Data Exfiltration
• Acquired data staged for exfiltration
• Exfiltrated over common protocols
• Arrives at external server controlled by criminal
STAGE 5: Malware Spreads Laterally
• Establish long-term network control
• Malware spreads laterally
• Conducts reconnaissance
FireEye Malware Protection System
• Next generation, advanced threat protection
• Industry’s only fully integrated solution
• Protects against advanced attacks across multiple vectors
• Addresses all stages of advanced attack lifecycle
• Effective against advanced persistent targeted attacks