This attack is very similar to the Quick Double Switch; the only difference is that the attacker maintains remote access to the victim's machine. This access allows the attacker to interact with the victim's machine from time to time, execute arbitrary code on it, and collect that code's output.
Attack Execution Phase:
We discussed APTs and their attack vectors in Part 1. The important question now is how we plan the mitigation strategy. There are multiple solutions on the market that offer different tools to mitigate APTs effectively. It would be boring and repetitive to go through the best practices and technologies I have already discussed in this forum, such as user awareness, password policies and patching. Instead, we will look at something new: deception, a proactive way of dealing with these sorts of cyber attacks.
The Tallinn Manual (not an official NATO document) was drafted by a group of experts between 2009 and 2012, in a comprehensive effort hosted by the NATO Cooperative Cyber Defence Centre of Excellence, to interpret and clarify how existing international law applies to cyber operations. While the manual does not represent the views of NATO, it is the first widely respected restatement of international law in the context of cyber operations. It defines a cyber attack as a "cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects", and a cyber operation that qualifies as an 'armed attack' triggers the right of individual or collective self-defence (Schmitt, et al., 2013). The foundation of this approach is the effects or consequences caused by a cyber operation, assessed against the six criteria for evaluating cyber attacks on a nation, i.e.