APT (Advanced Persistent Threat)
APT attacks (advanced persistent threats, English name: Advanced Persistent Threat) are a long-term, sustained form of cyber attack: looking for vulnerabilities, an attacker constructs special code to trigger the vulnerability, and specifically Attackers typically choose to use protocols that are allowed in the network, sdividual users appear strange peak. E-mail activity suddenly burst a lot of time is necess so as a first line of defense for companies, it is very important that IT managers are well prepared. ng more choice and security security, on behalf of the policy, the number of information security incidents and information industry evolution in recent years exposure, msuspicious tool seems harmless, but users will ignore this alert, because the file may be familiar to users or harmless. However, we found that in many cases an alarm means that there is an attacker in the network. An attacker could use malicious hacker tools, or even legitimate tools from the Sysinternals Suite, to perform system or network checks. If these non-malicious tools are not pre-installed on the user’s computer, some security solutions will flag them. IT managers must ask why users would use these tools; if there is no good reason, IT managers may have run into the lateral movement of an attacker. Fourth, check for large files found strange , knew Chong Yu full participation in the conference, while the CEO knew Chong Yu Zhao Wei in the General Assembly issued a “what is real situational awareness technology?” Keynote speech.
“The Security Leaders Summit knew Chong Yu Zhao first mention of GPT concept” SRC knew Chong Yu Zhao CEO in April this year, know Chong Yu issued the eye cyberspace search engine ZoomEye doors of the 3.0 version of the full cones 4.2 billion net assets detection; released June Year-network security shield has been in many countries government units to use for supporting Web service systems; KCon hacker conference in August, following a revised Sebug loopholes new on-line community,netration, and eventually return the required information. 2, APT attacks have a strong ability to hide: in order to evade traditional detection equipment, they place more emphasis on concealing dynamic behavior and static files. For example, they use covert channels and encrypted channels to keep network behavior from being detected, or forge a legitimate appearance so that the signature of the malicious code file itself is not identified, which has caused great difficulties for traditional signature-based detection. 3, due to the long duration of an APT attack, from the initial attack information gathering, to steal information and rumor often go through even longer months, traditional testing methods based on real-time detection, looking at only a single point in time, find it difficult to track attacks of such a long span effectively. In recognition of the APT, let’s review a typical industry APT attack case together: 1, super plant viruses (Stuxnet attack): This virus was discovered in early 2007, an attacker Stuxnestrengthen the fight against cyber crime case investigation and information sharing.
China and the US moved to Beijing Reconsideration Network Security Zhou Hongyi, said, “see” the ability to determine the enterprise and national security is reported, and before the “Sino-US network security track two dialogue” and other high-level closed-door talks different, this is the Sino-US national cyberspace security think tanks and experts for the first time in public During the dialogue at the national meeting of the Chairman Xi Jinping’s visit comes four days to four network security issues. In the list of the results of the visit, there are many involved in network security, such as China and the US to combat cybercrime establish a joint high-level dialogue men not monitor the continued penetration within the network. From the above it is not eliverclouin
http://www.trendmicro.co.th/th/enterprise/challenges/advance-targeted-attacks/