anatomy of a cyberattack final
7/29/2019 Anatomy of a CyberAttack Final
Anatomy of a cyber-attack
The strategies and tools of cyber-criminals and how to stop them
Table of contents
Introduction
Attack step 1: Reconnaissance and enumeration
Attack step 2: Intrusion and advanced attacks
Attack step 3: Malware insertion
Malware type 1: Nuisance malware
Malware type 2: Controlling malware
Malware type 3: Destructive malware
Attack step 4: Clean-up
Dell SonicWALL Next-Generation Firewall
Dell SonicWALL comprehensive integrated security solutions
© 2012 Dell SonicWALL. All rights reserved.
You need to understand the enemy before you can defeat them.
Introduction

As the number and severity of cyber-crimes continues to grow, it's important to understand the steps cyber-criminals take to attack your network, the types of malware they use, and the tools you need to stop them. The basic steps of a cyber attack include reconnaissance (finding vulnerabilities); intrusion (actual penetration of the network); malware insertion (secretly leaving code behind); and clean-up (covering tracks).

Malware comes in various forms, some more nefarious than others, ranging from annoying sales pitches to potentially business-devastating assaults. Dell SonicWALL offers comprehensive solutions to counter every stage of cyber attacks and eliminate every type of malware from disrupting your business network.
Cyber-criminals will do anything to find and exploit your weaknesses.
Attack step 1: Reconnaissance and enumeration

The goal of reconnaissance is to learn about vulnerabilities in the targeted network and systems, including credentials, software versions, and misconfigured settings. One method for gathering this information is through social engineering cons, which fool end users into surrendering data. This is often perpetrated through phishing (fraudulent email), pharming (fraudulent web sites) and drive-by pharming (redirected DNS settings on hijacked wireless access points).

Enumeration, the second step in any type of cyber-attack, surreptitiously expands the knowledge and data gained during reconnaissance. Service scanning and war dialing are popular during the enumeration phase. Service scanning identifies network systems and correlates known bugs and software weaknesses. War dialing involves using an automated system to call each of the telephone numbers owned by a company in hopes of finding a modem which may provide direct access to internal company resources.
A stealthy intruder can access every facet of your network systems.

Attack step 2: Intrusion and advanced attacks

Once attackers have identified and correlated known vulnerabilities, they can exploit them to penetrate the network. Even more dangerous are sophisticated zero-day attacks, which exploit software weaknesses that, while not publicly disclosed, may have been distributed on the black market among attackers ranging from petty criminals to transnational organized criminal gangs.

Another advanced form of malicious intrusion is the denial-of-service (DoS) attack, which aims to render networks inoperable by bombarding them with external communications requests. Common DoS attacks include smurf attacks, ping flood attacks, ping-of-death attacks and SYN flood attacks.
Hidden malware gives your attacker the keys to your network.
Attack step 3: Malware insertion

After infiltrating a network, the next step in an attack is to secretly insert malware in order to maintain ongoing remote control over systems, and ultimately, execute code within the network to achieve a particular goal.

Inserted malware can be a nuisance (e.g., marketing driven); controlling (to provide back door access or remote control), or destructive (to cause intentional harm or to cover the tracks of the attacker).
Nuisance adware can render a system inoperable if not removed properly.
Malware type 1: Nuisance malware

Some types of malware are not overly malicious in nature, but can cause annoyance and affect system performance and productivity. Spyware, used to collect and relay sensitive information back to its distributor, also can be a major nuisance, typically infecting web browsers rendering them nearly inoperable. Spyware is often used for deceitful marketing purposes, such as monitoring user activity without their knowledge.

Adware, as the name implies, is typically used to spread advertisements, providing some type of financial benefit to the attacker. After becoming infected by adware, the victim becomes bombarded by pop-ups, toolbars and other types of advertisements when attempting to use the infected computer.
Hidden malware gives your attacker the keys to your network.
Malware type 2: Controlling malware

Other malware hides in wait to issue controls or execute attacks. Trojans, executable code embedded into another (typically commonly-used) application, are often designed to be unknowingly launched by a trusted user. Remote-access Trojans (RATs) create back doors for remote control.

Rootkits are even more insidious. They hide in low-level, sub-OS system resources to provide attackers with unrestricted network access, and can even go undetected by conventional anti-virus solutions. Trojans and rootkits are often used in creating zombie systems, from which criminals can launch outbound botnet attacks.
Viruses and worms can devastate your network and your business.
Malware type 3: Destructive malware

Typically designed to inflict damage, computer viruses can purge an entire hard disk, rendering data useless in a matter of moments. Commonly spread through shared files, web downloads or email attachments, viruses must be executed on the target system before they actually pose a threat. Once activated, viruses often replicate themselves throughout the infected system. Seek-and-destroy viruses target specific file types or portions of the hard disk.

Unlike viruses, worms can spread themselves throughout networks without user activation. Once infected by a worm, the compromised system will begin scanning the local network in an attempt to locate additional target systems. After locating a target, the worm will exploit vulnerabilities in its operating system, injecting it with malicious code. While sometimes viewed as a nuisance, worms can also spread other malware and inflict damage.
A skilled criminal can compromise your network without you ever knowing.
Attack step 4: Clean-up

The final stage of the attack cycle is to rid the infected system of forensic evidence. A proactive element to this step is for attackers to be as inconspicuous as possible in the earlier steps. For example, an attacker may commandeer the credentials of a trusted network user that would not raise alarms by accessing the targeted systems, or use commonplace applications, such as instant messaging, to insert malicious files or extract information.

A primary goal of this step is to erase any traces of the attack from the system. This can be done by the manual or automated deletion of command line or event logs, deactivation of alarms, and the upgrade or patching of outdated software after the attack has been accomplished. Additionally, hackers and cyber thieves often unleash viruses and worms to destroy potentially incriminating evidence.
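
A defender's check for the log deletion described above, as an added example that is not part of the original e-book: it scans Windows event records held on a central collector for log-cleared events (Security 1102, System 104) and for gaps in per-channel record numbering. The record layout, function name and sample data are constructed for illustration.

```python
from collections import defaultdict

# Windows event IDs written when a log is cleared:
# 1102 = Security audit log cleared, 104 = a log file cleared (recorded in System).
LOG_CLEARED = {("Security", 1102), ("System", 104)}

# Constructed sample records: (channel, record_id, event_id, timestamp, user)
SAMPLE_EVENTS = [
    ("Security", 5001, 4624, "2012-07-10T02:11:04", "svc_backup"),
    ("Security", 5002, 4688, "2012-07-10T02:11:09", "svc_backup"),
    ("Security", 5007, 4634, "2012-07-10T02:19:40", "svc_backup"),  # 5003-5006 absent
    ("System", 910, 7036, "2012-07-10T02:20:01", "SYSTEM"),
    ("System", 911, 104, "2012-07-10T02:20:05", "svc_backup"),
    ("Security", 5008, 1102, "2012-07-10T02:20:06", "svc_backup"),
]


def find_cleanup_indicators(events):
    """Return (kind, channel, detail) findings that suggest log tampering."""
    findings = []
    ids_by_channel = defaultdict(list)

    for channel, record_id, event_id, timestamp, user in events:
        ids_by_channel[channel].append(record_id)
        # Explicit "log was cleared" events are the strongest signal.
        if (channel, event_id) in LOG_CLEARED:
            findings.append(
                ("log_cleared", channel, f"event {event_id} at {timestamp} by {user}")
            )

    # Record IDs increase by one within a channel, so a jump means records
    # were removed or never reached the collector; either way it needs review.
    for channel, ids in ids_by_channel.items():
        ids.sort()
        for prev, cur in zip(ids, ids[1:]):
            if cur - prev > 1:
                findings.append(
                    ("record_gap", channel, f"records {prev + 1}-{cur - 1} missing")
                )
    return findings


if __name__ == "__main__":
    for kind, channel, detail in find_cleanup_indicators(SAMPLE_EVENTS):
        print(f"{kind:12} {channel:9} {detail}")
```

Forwarding events off the host as they are written is what makes this check useful: the log-cleared event and the records before it survive even if the local log does not.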
Dell SonicWALL Next-Generation Firewall

Dell SonicWALL offers a comprehensive line of defenses against all forms of cyber attack and malware.

Dell SonicWALL Next-Generation Firewalls, featuring Reassembly-Free Deep Packet Inspection (RFDPI) technology and multi-core parallel architecture, scan and analyze inbound and outbound traffic to identify multiple threats, applications and protocols, at wire speed and without file size limitations.

Using input from millions of shared touch points in the Dell SonicWALL Global Response Intelligent Defense (GRID) Network, the Dell SonicWALL Threat Center provides continuous communication, feedback, and analysis on the nature and changing behavior of threats. Dell SonicWALL Research Labs continuously processes this information, proactively delivering countermeasures and dynamic updates to stop the latest threats.

The Dell SonicWALL SuperMassive E10800 running SonicOS 6.0 is the highest overall protection Next-Generation Firewall to earn the Recommend rating from NSS Labs, the recognized leader in independent security product testing. This single code base for SonicOS is at the core of every Dell SonicWALL firewall, from the TZ 105 to the Dell SonicWALL SuperMassive E10800.
The Dell SonicWALL Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, and Application Intelligence and Control Service delivers intelligent, real-time network security protection against the latest blended threats, including viruses, spyware, worms, Trojans, software vulnerabilities and other malicious code.

- Intrusion prevention service (IPS) prevents attackers from exploiting known vulnerabilities (Step 2 of the attack cycle)
- Gateway anti-virus and anti-spyware prevents attackers from installing or uploading malware to a compromised system (Step 3 of the attack cycle)
- Application intelligence and control prevents attackers from being able to use commonplace applications to transmit data to or from the compromised system (Step 4 of the attack cycle)

Working in conjunction with Dell SonicWALL firewalls, Dell SonicWALL Enforced Client Anti-Virus and Anti-Spyware software provides comprehensive gateway-enforced virus and spyware protection for desktops and laptops. Dell SonicWALL firewalls ensure that all of the computers accessing the network have the latest version of anti-virus and anti-spyware software installed and active.
Dell SonicWALL comprehensive integrated security solutions

Dell SonicWALL Clean Wireless integrates Dell SonicWALL firewalls with universal 802.11 a/b/g/n wireless access points, to deliver advanced security features such as WiFiSec, Virtual APs (VAP), and wireless intrusion detection services (WIDS).

When combined with Dell SonicWALL Secure Remote Access (SRA) solutions, Dell SonicWALL firewalls create a Clean VPN that decrypts and scans all authorized SSL VPN traffic for malware before it enters the network, and adds enforced authentication, data encryption, and granular access policy.

The Dell SonicWALL Email Security Series provides comprehensive email threat protection for organizations of all sizes, stopping email-borne spam, virus, and phishing attacks, while contributing to internal policy and regulatory compliance.

Dell SonicWALL Application Traffic Flow Analytics, including the Dell SonicWALL Global Management System 7.0, Scrutinizer and Analyzer solutions, increases threat awareness through real time and historical traffic analysis and provides powerful insight into application traffic, bandwidth utilization and security threats along with powerful troubleshooting and forensics capabilities.
Copyright 2012 Dell, Inc. All rights reserved. Dell SonicWALL is a trademark of Dell, Inc. and all other Dell SonicWALL product and service names and slogans are trademarks of Dell, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective owners. 07/12 DSNWL 0090TM
How can I learn more?

- Download the whitepaper "The Wild World of Malware: Keeping Your Company Safe": http://www.sonicwall.com/downloads/WP-ENG-072_The-Wild-World-of-Malware.pdf
- View the webinar "Exploring the Digital Underworld: Botnets, Zero Day Threats and Phishing": http://www.brighttalk.com/webcast/1745/38475
- Opt-in to receive Dell SonicWALL newsletters: http://forms.sonicwall.com/forms/Subscription_NA

For feedback on this e-book or other Dell SonicWALL e-books or whitepapers, please send an email to

About Dell SonicWALL

Dell SonicWALL provides intelligent network security and data protection solutions that enable customers and partners to dynamically secure, control, and scale their global networks. Securing any organization with multi-threat scanning based on global input at wire speed, Dell SonicWALL is recognized as an industry leader by Gartner and NSS Labs. For more information, visit the web site at www.sonicwall.com (http://www.sonicwall.com/).