One Article Review

Home - The article:
Source AlienVault Blog
Identifier 2668
Publication date 2016-06-10 13:00:00 (viewed: 2016-06-10 13:00:00)
Title Danti's APT Inferno
Text In contrast to the many high-profile data breaches being reported under various state or industry guidelines, cyberespionage against political targets (and the resulting loss of data) rarely gets reported. One example of such an attack is Danti, an APT that focuses primarily on government organizations in India.

Danti exploits CVE-2015-2545, which was announced and patched by Microsoft in September 2015. However, because many organizations have been slow to deploy the patch, exploits targeting this vulnerability continue to be effective.

The team at Kaspersky Labs has written a detailed report on the evolution of the threat, from its initial use by the Platinum group in August 2015 to its current use by several threat groups to attack targets in several countries in the Asia/Pacific region. The technique commonly used to penetrate a network is spearphishing: malicious code embedded in a document from a legitimate-looking source that, once opened, compromises the victim’s system.

From the Kaspersky report: “The exploit is based on a malformed embedded EPS (Encapsulated Postscript) object. This contains the shellcode that drops a backdoor, providing full access to the attackers.”

The Kaspersky Lab report also illustrates how bad actors continue to modify attack techniques to improve infection rates and avoid detection. The graphic below illustrates how several groups have developed separate attacks to target the vulnerability:

[Figure: Timeline of Attacks Using Exploits that Target CVE-2015-2545. Source: Kaspersky Labs]

Related Pulse:

Impact on you

CVE-2015-2545 has been with us since September 2015, and MSFT released a fix in update MS15-099, also released in September. That’s the good news. The bad news is that the vulnerability affects Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1, and 2016. In other words, there could be a lot of potentially vulnerable software running in your network.

For those of you who have deployed MS15-099, you get a gold star. Well done! For those of you who haven’t, your systems are at risk, especially those in government agencies in India, or targeted agencies in other countries like the Philippines, Myanmar and Nepal.

How AlienVault Helps

The AlienVault Labs team performs the threat research on the latest threats, and on how to detect and respond to them, that most IT teams simply don’t have the expertise, time, budget, or tools to do themselves. The Labs team regularly updates the rulesets that drive the threat detection, prioritization, and response capabilities of the AlienVault Unified Security Management (USM)
Sent Yes


The article does not seem to have been picked up after its publication.


The article does not seem to have been taken from a previous one.