Industry-wide, cyber security defenders are struggling to keep pace with increasingly advanced (and well-funded) criminal campaigns. These campaigns have substantial, bottom-line impacts and require rapid response with advanced counter-measures. These criminal campaigns are called Advanced Persistent Threats. Many organizations have sound fundamental cyber security capabilities. However, advanced persistent threat (APT) tactics require more agile and advanced defenses. Organizations must continue the fundamentals while adding more advanced and complementary capabilities. New technologies and methodologies are needed to detect, prevent and respond to threats in near real-time.
To explore the full article, please open the attached pdf.
Authored by Vikas Kumar
TCS Enterprise Security and Risk Management
Steganography is the practice of hiding a message or a file within another file so that only the sender and receiver know of its existence. It may also involve the use of cryptography, where the secret message/file is encrypted before being hidden. The objective is to ensure that transmission of secret data remains unsuspected and undetectable. Unlike encrypted files, steganographically hidden messages do not attract attention or arouse suspicion.
Steganography is both an art and a science. As a science it has evolved with advancement in technology, hiding techniques & tools, and as an art it has evolved with ingenuity of man. This advancement has made it easy for anyone to practice it from anywhere on the planet.
This article presents an approach to examine whether a website allows support for steganographically hidden content by evaluating a varied mix of social media sites, image hosting sites, media sites and a few easily available steganography tools.
In the previous article, we covered the phases in which an attacker prepares for an attack, enumerates the target environment and scans the entire network. The more information about the target is acquired, the more vulnerabilities can be identified and the more attack vectors can be prepared to launch the attack.
Now that the attacker has all this data, he has the vulnerabilities identified, the network architecture scanned and the loopholes which can be used to gain access to the target network. The third phase, the step where an actual attack is performed, is known as Gaining Access.
To gain access, the attacker might try to use one or more methods:
Generally, people have the idea that Information Security arrangements are for reacting to security breaches rather than preventing them. On the contrary, preventing problems by strengthening security is more effective and less expensive than reacting to breaches after they occur. We deploy so many layers of security in an organization; still, we face issues and security breaches quite often. It is high time for us to think about the reasons behind this. Below are a few reasons which I could think of:
1. In an enterprise-wide environment, the weakest link in the security chain is the end-mile network point. Endpoints and their users become the loophole in a properly tightened security structure. Security teams should ensure that even the last network device is covered in the scope of the security deployment. Also, customers should help to patch this loophole.
The recent IT landscape has forced organizations to go online with every ounce of data they have. In the current scenario, data is everything, and if it is made public, securing and classifying it becomes a top priority.
When we talk about security, three basic elements, known as the InfoSec CIA triangle, come to mind: confidentiality, integrity and availability.
Every effort should be made to ensure the above three things. There are many techniques to protect data and to ensure these in an organization, but the key point is that the above three attributes of data must be protected.
Although these elements are so common, they are the most effective principles which a Security Engineer can cling to. Now that we have discussed the basics of information security, let us get into the real discussion of catching a thief by being one.
We discussed APT and its attack vectors in Part 1. Now the important question is how we plan the mitigation strategies. There are multiple solutions in the market that offer different tools to effectively mitigate APTs. It would be boring and repetitive if I went through the best practices and the technologies I have already discussed in this forum, such as User Awareness, Password policies, Patching etc. We will have a look at something new: Deception, a proactive way of dealing with these sorts of cyber attacks.