#TrendChat

.@potatowar and before the Kill Chain, we just called it footprinting :) #TrendChat

Thanks for participating! #TrendChat

This is your favourite tweet, look into my eyes #TrendChat

Build defences that recognise attacks at multiple layers, strive for resiliency #TrendChat

A10: Constant vigilance providing actionable intelligence is key. Security must be built based on "breach will happen" #TrendChat

A10: traffic spikes, unusual db queries, patch mgmt, user education all play a part #TrendChat

A10: traditional defense is blind to targeted attacks, network inspection, anomalous behaviour on legit accounts, (cont) #TrendChat

A9: For the victim, attacker intent, internal weaknesses in architecture and system design as long as traffic is noticed! #TrendChat

A9: For the attacker, network architecture, resources, user accounts, servers, databases of interest #TrendChat

.@gianlucaSB Depends on the objective, but in most cases yes lateral movement & extraction is non-automated #TrendChat

.@japalm MDM, AV URL filt, Encryption and policy enforcement. Unfortunately OS architecture makes true security difficult 4 most #TrendChat

Like most malware, attackers are Windows focussed but SabPab and LuckyCat .apks show wider intent #TrendChat

LuckyCat attacks show evidence that attackers are already investigating Mobile OS, we found .apk files on C&C servers #TrendChat

Yep and looking for self signed cert traffic is a good flag to raise #TrendChat

A6: C&C traffic at the firewall was a good indicator of compromise, keeping it internal keeps it lower profile #TrendChat

One important evolution we noted recently was the siting of C&C *inside* compromised orgs, cutting down on perimeter traffic #TrendChat

.@cyberwar and before the Kill Chain, we just called it footprinting :) #TrendChat

LinkedIn is not a social network, everyone knows that, it's a *professional* network and therefore safe to share info </sarcasm> #TrendChat

Open Source Intelligence, basically TMI :) Information overshare in public, helps in creating credible delivery vehicles #TrendChat

Not to mention the industrialisation of cybercrime and maturity of toolkits #TrendChat

One thing that has really enabled targeted attacks in the last decade is the abundance of OSINT available through online search #TrendChat

RSA over $60m cost due to APT, DigiNotar out of business, the effects are material and measurable #TrendChat

A3: Materially, through loss of IP, loss of competitiveness, share price, reputational damage #TrendChat

A2: Persistency is about the ability to maintain a presence even in the face of victim's attempts to clean up and detect #TrendChat!

A2: Advanced for me is more about the research & targeting than the malware or exploit in many cases #TrendChat!

A1: Depends who and where you are, consumers face an array of threats, as does industry. For industry the landscape has changed…#TrendChat!

Shame to see SourceFire bidding for sponsored ads on our #TrendChat :( #notcricket chaps #notcricketatall
