The single largest threat your organization faces today is network breach. Spear-phishing, poisoned search results, drive-by downloads, and legitimate sites being compromised to push malware are all part of our current reality. The most successful and common attack vectors stem from targeted attacks on your employees. Organizations need to utilize solutions that protect their network from user error and support requirements for continuous monitoring, real-time situational awareness, and actionable threat intelligence for their security teams.
In this white paper, you will find:
- How adversaries are targeting your users and duping them into becoming the unwitting accomplices to breach
- Case studies of real-world breaches that can help you better inform your business
- Methods for turning the tide on your adversaries using pre-breach as opposed to post-facto forensic analysis
- The emergence of virtualized environments for the browser, PDF reader and complete document suite that can detect zero-days without signatures, thwart attacks in progress and feed pre-crime forensic information to the broader security infrastructure
Defending Against the Advanced Persistent Threat: A Case Study in Deriving Adversarial Attribution from a Thwarted Targeted Attack
This white paper analyzes a targeted spear-phish against a US company that is protected by Invincea. Based on the analysis, we believe the adversary represents an Advanced Persistent Threat. The purpose of the document is to demonstrate the concept of deriving adversarial intelligence from thwarted, user-targeted attacks through the fusing of cyber forensics from those attacks in near real time with other intelligence sources.
The document provides a technical analysis of this targeted attack, which was received as an attachment to a crafted email message. This attack sample has been provided with permission by an existing Invincea customer. The sample in question was received as a zip archive (md5: 391ab842b89c8bd7ac8ac175be3ffbaf) containing an executable file type, a Microsoft Windows screensaver (scr) file.
In this document we will demonstrate:
- How this particular adversary attempted a breach through the targeting of the client’s users
- How Invincea’s secure virtual containers for the browser, PDF reader and complete document suite detect zero-days without signatures, thwart attacks in progress and feed pre-crime forensic information to the broader security infrastructure
- Methods that can be employed to use this captured forensic information for attributional investigation and adversarial identification