anatomy of a cyberattack final

Upload: jorgeadalberto

Post on 04-Apr-2018


TRANSCRIPT

  • 7/29/2019 Anatomy of a CyberAttack Final


    Anatomy of a cyber-attack

    The strategies and tools of cyber-criminals and how to stop them


    Table of contents

    Introduction
    Attack step 1: Reconnaissance and enumeration
    Attack step 2: Intrusion and advanced attacks
    Attack step 3: Malware insertion
    Malware type 1: Nuisance malware
    Malware type 2: Controlling malware
    Malware type 3: Destructive malware
    Attack step 4: Clean-up
    Dell SonicWALL Next-Generation Firewall
    Dell SonicWALL comprehensive integrated security solutions

    © 2012 Dell SonicWALL. All rights reserved.


    Introduction

    You need to understand the enemy before you can defeat them.

    As the number and severity of cyber-crimes continues to grow, it's important to understand the steps cyber-criminals take to attack your network, the types of malware they use, and the tools you need to stop them. The basic steps of a cyber attack include reconnaissance (finding vulnerabilities); intrusion (actual penetration of the network); malware insertion (secretly leaving code behind); and clean-up (covering tracks).

    Malware comes in various forms, some more nefarious than others, ranging from annoying sales pitches to potentially business-devastating assaults. Dell SonicWALL offers comprehensive solutions to counter every stage of cyber attacks and eliminate every type of malware from disrupting your business network.


    Attack step 1: Reconnaissance and enumeration

    Cyber-criminals will do anything to find and exploit your weaknesses.

    The goal of reconnaissance is to learn about vulnerabilities in the targeted network and systems, including credentials, software versions, and misconfigured settings. One method for gathering this information is through social engineering cons, which fool end users into surrendering data. This is often perpetrated through phishing (fraudulent email), pharming (fraudulent web sites) and drive-by pharming (redirected DNS settings on hijacked wireless access points).

    Enumeration, the second step in any type of cyber-attack, surreptitiously expands the knowledge and data gained during reconnaissance. Service scanning and war dialing are popular during the enumeration phase. Service scanning identifies network systems and correlates known bugs and software weaknesses. War dialing involves using an automated system to call each of the telephone numbers owned by a company in hopes of finding a modem which may provide direct access to internal company resources.


    Attack step 2: Intrusion and advanced attacks

    A stealthy intruder can access every facet of your network systems.

    Vulnerabilities

    Once attackers have identified and correlated known vulnerabilities, they can exploit them to penetrate the network. Even more dangerous are sophisticated zero-day attacks, which exploit software weaknesses that, while not publicly disclosed, may have been distributed on the black market among attackers ranging from petty criminals to transnational organized criminal gangs.

    Another advanced form of malicious intrusion is the denial-of-service (DoS) attack, which aims to render networks inoperable by bombarding them with external communications requests. Common DoS attacks include smurf attacks, ping flood attacks, ping-of-death attacks and SYN flood attacks.


    Attack step 3: Malware insertion

    Hidden malware gives your attacker the keys to your network.

    After infiltrating a network, the next step in an attack is to secretly insert malware in order to maintain ongoing remote control over systems, and ultimately, execute code within the network to achieve a particular goal.

    Inserted malware can be a nuisance (e.g., marketing driven); controlling (to provide back door access or remote control), or destructive (to cause intentional harm or to cover the tracks of the attacker).


    Malware type 1: Nuisance malware

    Nuisance adware can render a system inoperable if not removed properly.

    Some types of malware are not overly malicious in nature, but can cause annoyance and affect system performance and productivity. Spyware, used to collect and relay sensitive information back to its distributor, also can be a major nuisance, typically infecting web browsers rendering them nearly inoperable. Spyware is often used for deceitful marketing purposes, such as monitoring user activity without their knowledge.

    Adware, as the name implies, is typically used to spread advertisements, providing some type of financial benefit to the attacker. After becoming infected by adware, the victim becomes bombarded by pop-ups, toolbars and other types of advertisements when attempting to use the infected computer.


    Malware type 2: Controlling malware

    Hidden malware gives your attacker the keys to your network.

    Other malware hides in wait to issue controls or execute attacks. Trojans, executable code embedded into another (typically commonly-used) application, are often designed to be unknowingly launched by a trusted user. Remote-access Trojans (RATs) create back doors for remote control.

    Rootkits are even more insidious. They hide in low-level, sub-OS system resources to provide attackers with unrestricted network access, and can even go undetected by conventional anti-virus solutions. Trojans and rootkits are often used in creating zombie systems, from which criminals can launch outbound botnet attacks.


    Malware type 3: Destructive malware

    Viruses and worms can devastate your network and your business.

    Typically designed to inflict damage, computer viruses can purge an entire hard disk, rendering data useless in a matter of moments. Commonly spread through shared files, web downloads or email attachments, viruses must be executed on the target system before they actually pose a threat. Once activated, viruses often replicate themselves throughout the infected system. Seek-and-destroy viruses target specific file types or portions of the hard disk.

    Unlike viruses, worms can spread themselves throughout networks without user activation. Once infected by a worm, the compromised system will begin scanning the local network in an attempt to locate additional target systems. After locating a target, the worm will exploit vulnerabilities in its operating system, injecting it with malicious code. While sometimes viewed as a nuisance, worms can also spread other malware and inflict damage.


    Attack step 4: Clean-up

    A skilled criminal can compromise your network without you ever knowing.

    The final stage of the attack cycle is to rid the infected system of forensic evidence. A proactive element to this step is for attackers to be as inconspicuous as possible in the earlier steps. For example, an attacker may commandeer the credentials of a trusted network user that would not raise alarms by accessing the targeted systems, or use commonplace applications, such as instant messaging, to insert malicious files or extract information.

    A primary goal of this step is to erase any traces of the attack from the system. This can be done by the manual or automated deletion of command line or event logs, deactivation of alarms, and the upgrade or patching of outdated software after the attack has been accomplished. Additionally, hackers and cyber thieves often unleash viruses and worms to destroy potentially incriminating evidence.
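Because the clean-up step targets logs on the compromised host, the evidence that survives is whatever was already forwarded elsewhere. The following added example (not part of the e-book) checks one host's forwarded event stream for explicit log-clear events, missing record numbers and unusual silence; the record layout, the sample data, `audit_log_stream` and the 30-minute threshold are assumptions.

```python
from datetime import datetime, timedelta

# Windows event IDs that record a log being cleared:
# 1102 = Security audit log cleared, 104 = an event log cleared (System log).
CLEAR_EVENT_IDS = {1102, 104}

T0 = datetime(2024, 1, 1, 2, 0, 0)

# Constructed records for one host as received by a central collector:
# (record number assigned by the host, event ID, timestamp).
SAMPLE = [
    (1001, 4624, T0),
    (1002, 4688, T0 + timedelta(minutes=1)),
    (1003, 4688, T0 + timedelta(minutes=2)),
    (1010, 4624, T0 + timedelta(minutes=3)),   # 1004-1009 never arrived
    (1011, 1102, T0 + timedelta(minutes=4)),   # audit log cleared
    (1, 4624, T0 + timedelta(minutes=50)),     # numbering restarts after a quiet spell
]


def audit_log_stream(records, max_silence=timedelta(minutes=30)):
    """Return a list of (kind, detail) findings for one host's record stream.

    Assumes records arrive in the order the host produced them and carry a
    record number that normally increases by one.
    """
    findings = []
    prev_id = prev_ts = None
    for rec_id, event_id, ts in records:
        if event_id in CLEAR_EVENT_IDS:
            findings.append(("log_cleared", rec_id))
        if prev_id is not None:
            if rec_id <= prev_id:
                # Numbering went backwards: the local log was recreated.
                findings.append(("record_id_reset", rec_id))
            elif rec_id != prev_id + 1:
                # Records were produced on the host but never reached us.
                findings.append(("record_id_gap", (prev_id + 1, rec_id - 1)))
            if ts - prev_ts > max_silence:
                # A normally chatty host went quiet: logging may be disabled.
                findings.append(("silence", (prev_ts, ts)))
        prev_id, prev_ts = rec_id, ts
    return findings


if __name__ == "__main__":
    for kind, detail in audit_log_stream(SAMPLE):
        print(kind, detail)
```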


    Dell SonicWALL Next-Generation Firewall

    Dell SonicWALL offers a comprehensive line of defenses against all forms of cyber attack and malware.

    Dell SonicWALL Next-Generation Firewalls, featuring Reassembly-Free Deep Packet Inspection (RFDPI) technology and multi-core parallel architecture, scan and analyze inbound and outbound traffic to identify multiple threats, applications and protocols, at wire speed and without file size limitations.

    Using input from millions of shared touch points in the Dell SonicWALL Global Response Intelligent Defense (GRID) Network, the Dell SonicWALL Threat Center provides continuous communication, feedback, and analysis on the nature and changing behavior of threats. Dell SonicWALL Research Labs continuously processes this information, proactively delivering countermeasures and dynamic updates to stop the latest threats.

    The Dell SonicWALL SuperMassive E10800 running SonicOS 6.0 is the highest overall protection Next-Generation Firewall to earn the Recommend rating from NSS Labs, the recognized leader in independent security product testing. This single code base for SonicOS is at the core of every Dell SonicWALL firewall, from the TZ 105 to the Dell SonicWALL SuperMassive E10800.


    The Dell SonicWALL Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, and Application Intelligence and Control Service delivers intelligent, real-time network security protection against the latest blended threats, including viruses, spyware, worms, Trojans, software vulnerabilities and other malicious code.

    - Intrusion prevention service (IPS) prevents attackers from exploiting known vulnerabilities (Step 2 of the attack cycle)
    - Gateway anti-virus and anti-spyware prevents attackers from installing or uploading malware to a compromised system (Step 3 of the attack cycle)
    - Application intelligence and control prevents attackers from being able to use commonplace applications to transmit data to or from the compromised system (Step 4 of the attack cycle)

    Working in conjunction with Dell SonicWALL firewalls, Dell SonicWALL Enforced Client Anti-Virus and Anti-Spyware software provides comprehensive gateway-enforced virus and spyware protection for desktops and laptops. Dell SonicWALL firewalls ensure that all of the computers accessing the network have the latest version of anti-virus and anti-spyware software installed and active.


    Dell SonicWALL comprehensive integrated security solutions

    Dell SonicWALL Clean Wireless integrates Dell SonicWALL firewalls with universal 802.11 a/b/g/n wireless access points, to deliver advanced security features such as WiFiSec, Virtual APs (VAP), and wireless intrusion detection services (WIDS).

    When combined with Dell SonicWALL Secure Remote Access (SRA) solutions, Dell SonicWALL firewalls create a Clean VPN that decrypts and scans all authorized SSL VPN traffic for malware before it enters the network, and adds enforced authentication, data encryption, and granular access policy.

    The Dell SonicWALL Email Security Series provides comprehensive email threat protection for organizations of all sizes, stopping email-borne spam, virus, and phishing attacks, while contributing to internal policy and regulatory compliance.

    Dell SonicWALL Application Traffic Flow Analytics, including the Dell SonicWALL Global Management System 7.0, Scrutinizer and Analyzer solutions, increases threat awareness through real time and historical traffic analysis and provides powerful insight into application traffic, bandwidth utilization and security threats along with powerful troubleshooting and forensics capabilities.


    Copyright 2012 Dell, Inc. All rights reserved. Dell SonicWALL is a trademark of Dell, Inc. and all other Dell SonicWALL product and service names and slogans are trademarks of Dell, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective owners. 07/12 DSNWL 0090TM

    How can I learn more?

    - Download the whitepaper "The Wild World of Malware: Keeping Your Company Safe": http://www.sonicwall.com/downloads/WP-ENG-072_The-Wild-World-of-Malware.pdf
    - View the webinar "Exploring the Digital Underworld: Botnets, Zero Day Threats and Phishing": http://www.brighttalk.com/webcast/1745/38475
    - Opt-in to receive Dell SonicWALL newsletters: http://forms.sonicwall.com/forms/Subscription_NA

    For feedback on this e-book or other Dell SonicWALL e-books or whitepapers, please send an email to [email protected].

    About Dell SonicWALL

    Dell SonicWALL provides intelligent network security and data protection solutions that enable customers and partners to dynamically secure, control, and scale their global networks. Securing any organization with multi-threat scanning based on global input at wire speed, Dell SonicWALL is recognized as an industry leader by Gartner and NSS Labs. For more information, visit the web site at www.sonicwall.com (http://www.sonicwall.com/).