Welcome!

Agile Computing Authors: Pat Romanski, Liz McMillan, Corey Roth, Elizabeth White, Yeshim Deniz

Related Topics: Agile Computing, Cloud Security, Government Cloud

Agile Computing: Article

A New Generation of Cybercrime: Advanced Persistent Threats

Cybercrime has taken a dangerous turn heralding the emergence of a new generation of attacks

Cybercrime has taken a dangerous turn heralding the emergence of a new generation of attacks focused on corporate and government espionage. These attacks are targeted and persistent leading to leakage of vital state secrets and critical corporate data. These threats have been labeled as Advanced Persistent Threats (APT).

A number of recent high profile attacks such as the Google Aurora, Stuxnet, RSA hack and attacks on many defense contractors and enterprises have been traced to APTs. The modus operandi has been similar – a targeted email containing malware infiltrates a PC and hides its tracks using a rootkit. Later it contacts a Command and Control (C&C) server and downloads modules which perform the intended objective – stealing user credentials, burrowing deeper into the network, stealing vital data and ex-filtrating it to the cybercriminals.

The defenses against APTs are usually based on anti-virus software to look for malware signatures, Intrusion Detection Systems to look for suspicious network activity, Data Loss Prevention software to identify confidential data and content-aware firewalls to block the ex-filtration.

Unfortunately, these defenses have not prevented the brazen attacks.

An APT attack typically follows the following sequence of events –

  • Target profiling – This involves getting intelligence on the target to be compromised. There is a lot of publicly available information using social networks and other sources to facilitate this.
  • Attack and compromise – This is typically via spear phishing wherein a specially crafted email with a malicious attachment is sent to the user. The attachment will compromise the victim’s computer using a zero day flaw and install malware. This is usually in two parts. The first part is a self-extracting installer which hides its tracks and deletes itself after installing the second part….the actual malware which uses rootkit technology to hide itself and communicate with its command and control (C&C) server. The malware may also propagate itself within the network using network shares.
  • Download attack modules – After communicating with the C&C server, the malware downloads attack modules such as a keylogger and screen scraper.
  • Steal user credentials – The keylogger and screen scraper capture a user’s credentials when they login to other servers or access software and websites that have proprietary information that the attacker is interested in.
  • Steal proprietary information – Once the attacker has access to the user’s credentials, they can steal the proprietary data, encrypt it and prepare it to be ex-filtrated.
  • Data ex-filtration – The packaged data can be sent to the C&C server or other drop sites such as compromised computers and public email folders.
  • Maintain persistence.

To prevent yourself from being the next victim, focus on securing the user credentials rather than trying to detect the malware. This can be accomplished by following a two-pronged strategy:

  1. Prevent keyloggers and screen scrapers from grabbing the user credentials.
  2. Strengthen the password scheme by using out-of-band two factor authentication.

One solution is StrikeForce’s GuardedID anti-keylogging technology. It uses a different approach to defend against keyloggers. Rather than trying to detect keyloggers, it takes a preventive approach. It takes control of the keyboard at the lowest possible layer in the kernel. The keystrokes are then encrypted and sent to the browser via an “Out-of-Band” channel bypassing the Windows messaging queue. GuardedID has a built in self-monitoring capability. This prevents it from being bypassed by other software. If GuardedID is tampered with in any way, it will warn the user of the breach.

OOB methodologies

True “Out-of-Band” Authentication, wherein the PIN/OTP is entered in a second channel

  • Entering a fixed PIN in a phone
  1. The user enters their username and password into the application.
  2. Their phone rings and they are prompted to enter a PIN into their phone.
  • Entering an OTP in a phone
  1. The user enters their username into the application.
  2. Their phone rings and they are prompted to enter an OTP into their phone. The OTP is typically displayed to the user in the application.

“Out-of-Band” credential passing, wherein the PIN/OTP is sent to the user via a second channel.

Sending an OTP to a phone via SMS

  1. The user enters their username into the application.
  2. An OTP is sent to their phone as a text message.
  3. The user then enters the OTP into the application.

Sending an OTP to a phone via text to speech

  1. The user enters their username into the application.
  2. Their phone rings and they hear an OTP spoken via text to speech.
  3. The user then enters the OTP into the application.

Sending an OTP via email

  1. The user enters their username into the application.
  2. An OTP is sent to their email address.
  3. The user then enters the OTP into the application.

Token methodologies

Hard Token (key fob that displays OTP when a button is pressed).

  • Soft Token (OATH compliant software) that can reside on a PC or mobile devices such as a Black Berry, iPhone, Android or J2ME compliant cell phones.

StrikeForce holds the patent for Out-of-Band two factor authentication with its ProtectID platform. The solution is designed to authenticate individuals and employees and/or authorize transactions in real-time. ProtectID can be integrated into many remote access (VPN), domain access, website access, risk-mitigation, transaction based systems and other environments. The premise, cloud or hybrid service minimizes password/device related help desk calls by providing users a backup authentication method.

More Stories By Shelly Palmer

Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settl...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smart...
DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the 22nd International CloudEXPO | DXWorldEXPO "Early Bird Registration" is now open. Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...