APT Response Using Cloud Services

DESCRIPTION

Defense IT Symposium, October 2011

Text of APT Response Using Cloud Services

  • 1. Cloud Service APT(Advanced Persistent Threat) 2011.11.03 ASEC (AhnLab Security Emergency response Center) Advanced Threat Researcher, MCSE, MCDBA, MCSA, CISSP (zhang95@ahnlab.com) Copyright (c) AhnLab, Inc. 1988-2011. All rights reserved.
  • 2. I. APT(Advanced Persistent Threat) 1. APT(Advanced Persistent Threat) 2. APT(Advanced Persistent Threat) 3. APT(Advanced Persistent Threat) Targeted Attack 4. APT(Advanced Persistent Threat) Remote Control II. APT(Advanced Persistent Threat) Case Study 1. 2010 1 Operation Aurora 2. 2011 2 Night Dragon 3. 2011 3 EMC/RSA 4. 2011 8 Operation Shady RAT III. Cloud Service APT(Advanced Persistent Threat) Defense Strategy 1. APT(Advanced Persistent Threat) Timeline 2. Proactive Defense for APT(Advanced Persistent Threat) 3. Cloud Service for Proactive Defense
  • 3. 1 APT(ADVANCED PERSISTENT THREAT)
  • 4. 1. APT(Advanced Persistent Threat) APT APT ,
  • 5. 2. APT(Advanced Persistent Threat) , APT
  • 6. 3. APT(Advanced Persistent Threat) Targeted Attack APT Targeted Attack Social Engineering Targeted Attack Instant Messenger [Microsoft Word Adobe Reader ]
  • 7. 4. APT(Advanced Persistent Threat) Remote Control Targeted Attack AV [Gh0st RAT, NetBot Poison Ivy ]
  • 8. 2 APT(ADVANCED PERSISTENT THREAT) CASE STUDY
  • 9. 1. 2010 1 Operation Aurora 2011 1 12 Google Google Adobe, Juniper, Yahoo 34 Internet Explorer Zero Day MS10-002(CVE-2010-0249) 1) Targeted Attack 4) 3) C&C 2) I.E Zero Day & [Operation Aurora ]
  • 10. 2. 2011 2 Night Dragon 2011 2 9 McAfee , , Targeted Attack 1) C&C 3) 5) 1 2) Targeted Attack 4) [Night Dragon ]
  • 11. 3. 2011 3 EMC/RSA 2011 3 18 EMC/RSA OTP(One Time Password) Social Network Service Targeted Attack Targeted Attack Adobe Flash Player Zero Day CVE-2011-0609 SWF 2011 Recruitment plan.xls XLS Poison Ivy Targeted Attack RAR FTP [EMC/RSA ]
  • 12. 4. 2011 8 Operation Shady RAT 2011 8 3 McAfee Operation Shady RAT 5 6 72 Targeted Attack Application , , , , , - 22 , , , , 6 , , , , - 13 - 13 , , , - 6 , , , - 13 [Operation Shady RAT ]
  • 13. 3 CLOUD SERVICE APT(ADVANCED PERSISTENT THREAT) DEFENSE STRATEGY
  • 14. 1. APT(Advanced Persistent Threat) Timeline 1) 2) 3) 4) : 3 / : Social Engineering Targeted Attack : Reverse Connection C&C : C&C
  • 15. 2. Proactive Defense for APT(Advanced Persistent Threat) APT , Defense in Depth
  • 16. 3. Cloud Service for Proactive Defense / Network URL CERT ASEC / (/) Smart Defense SiteGuard Heuristic / TrusGuard Signature V3 Engine Smart Defense SiteGuard Database Database AOS Hackshield TrusGuard APC 4.0 SiteGuard Security Center V3 IS 8.0 SiteGuard V3 MSS SiteGuard V3 365 SiteGuard Mobile Security
  • 17. Copyright (c) AhnLab, Inc. 1998-2011 All rights reserved. http://www.ahnlab.com | http://blog.ahnlab.com/asec | http://twitter.com/AhnLab_man | http://twitter.com/AhnLab_SecuInfo