Advanced persistent threats (APTs) are sophisticated and targeted cyber attacks conducted by skilled and persistent threat actors.
APTs pose a significant threat to organizations’ cybersecurity defenses because of their complexity, their duration, and the objectives behind them.
⌨ APTs often leverage multiple advanced attack vectors (zero-day exploits, custom malware, social engineering, spear-phishing, and other stealthy tactics) to achieve their objectives.
⌛ APTs are designed to establish a long-term presence within the targeted network or system.
🥅 APTs focus on specific organizations or individuals of interest, such as government agencies, defense contractors, financial institutions, or organizations with valuable intellectual property. APTs are primarily motivated by espionage, data theft, intellectual property theft, sabotage, or disruption of critical systems.
⚔ APT attacks involve a well-organized and coordinated effort by skilled threat actors. They carefully plan their operations, continuously adapt their tactics, techniques, and procedures (TTPs) to evade detection, and persistently pursue their objectives.
📂 A key aspect of APTs is the covert extraction of sensitive data from the targeted organization. APTs focus on exfiltrating data without raising alarms, often using encrypted channels, steganography, or other concealment techniques to hide their activities.
🗺 APTs are often associated with nation-states or state-sponsored groups. These entities possess significant resources, advanced capabilities, and strategic motivations to conduct persistent and sophisticated cyber operations.
Notable APT campaigns include:
💼 Stuxnet: Stuxnet was a highly sophisticated APT attributed to a joint effort by the United States and Israel in 2010. It targeted Iran’s nuclear facilities, specifically its uranium enrichment centrifuges, by exploiting zero-day vulnerabilities in Windows. Stuxnet caused physical damage to Iran’s nuclear program.
💼 Operation Aurora: Occurring in 2009, Operation Aurora was a series of APT attacks that targeted major technology companies, including Google, Adobe, and Juniper Networks. The attackers used spear-phishing emails to gain initial access and exploited zero-day vulnerabilities in popular software applications. The goal of the campaign was to steal intellectual property and gain unauthorized access to email accounts.
💼 Carbanak: Carbanak, also known as Anunak, is an APT group that targeted financial institutions worldwide. Active from 2013 to 2016, the group used spear-phishing emails and sophisticated malware to compromise banks’ networks. Carbanak stole hundreds of millions of dollars by manipulating ATM systems, conducting fraudulent transfers, and exploiting banking systems’ weaknesses.
The Cyber Kill Chain framework was developed by Lockheed Martin to describe the stages a cyber attack normally passes through. Understanding this chain helps organizations and their employees move toward proactive defense, improve incident response, and conduct comprehensive risk assessments:
⚔ 1. Reconnaissance: Attackers gather information about the target, such as IP addresses, domain names, employee names, or email addresses. This stage helps them identify potential vulnerabilities or targets for further exploitation. Example: attacker using publicly available information from social media profiles and company websites to identify employees and gather information about their roles and responsibilities.
⚔ 2. Weaponization: Attackers develop or obtain the tools and techniques required to exploit vulnerabilities. This stage involves creating malicious code, crafting spear-phishing emails, or acquiring exploit kits. Example: attacker crafting a convincing email with a malicious attachment or link that, when opened, installs malware on the victim’s system.
⚔ 3. Delivery: Attackers deliver the weaponized payload to the target system. This can be done through various means, such as email attachments, malicious websites, or USB devices. Example: a targeted phishing email containing a weaponized document that, when opened, triggers the execution of the malicious code.
⚔ 4. Exploitation: The weaponized payload is executed, taking advantage of vulnerabilities in the target system or application. Exploits could involve buffer overflows, code injection, or privilege escalation. Example: an attacker exploiting a known vulnerability in a web server to gain unauthorized access and control over the system.
⚔ 5. Installation: Attackers install malware or backdoors onto the compromised system, allowing them to maintain persistence and control over the target environment. Example: a remote access Trojan being installed on a compromised system, providing the attacker with remote access and control.
⚔ 6. Command and Control: Attackers establish a communication channel with the compromised system to remotely control and manage their malicious activities. This involves creating a backdoor or using existing protocols to maintain a covert channel of communication. Example: an attacker using encrypted communication channels or legitimate protocols such as HTTP or DNS to communicate with the compromised system.
⚔ 7. Actions on goal: Finally, attackers achieve their primary objectives, which could include data exfiltration, unauthorized access, or disruption of services. Example: an attacker stealing sensitive data, such as customer information or intellectual property, from the compromised system.
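The defensive value of the kill chain is that each stage leaves different telemetry, so an analyst can map alerts onto the stages and see how far an intrusion has progressed. The following is an added example (not code from the original page or from Lockheed Martin): a small Python triage routine that tags constructed security events with a stage using simple rules, including an entropy heuristic for the encoded DNS labels typical of DNS-based command and control. The event schema, hostnames, thresholds and file-type lists are all assumptions made for this example; Weaponization gets no rule because it happens on the attacker's side, outside the victim's telemetry, and the last stage uses Lockheed Martin's wording "Actions on Objectives" for what the list above calls "Actions on goal".

```python
"""Map constructed security events onto Cyber Kill Chain stages (added example)."""
import math
from collections import Counter, defaultdict
from typing import Optional

# Stages in order. Weaponization is not observable from inside the victim network.
KILL_CHAIN = (
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
)

# Constructed rule parameters for this example (not vendor or page values).
MACRO_ATTACHMENTS = (".docm", ".xlsm", ".js", ".iso")
OFFICE_PARENTS = ("WINWORD.EXE", "EXCEL.EXE")
SHELLS = ("cmd.exe", "powershell.exe", "wscript.exe")
EXFIL_BYTES = 500_000_000          # outbound bytes in one flow that warrant a look
DNS_LABEL_MIN_LEN = 20
DNS_LABEL_MIN_ENTROPY = 3.5        # bits per character; encoded data scores high


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dns_label_suspicious(qname: str) -> bool:
    """Long, random-looking leftmost label: the shape of data tunnelled over DNS."""
    label = qname.split(".")[0]
    return len(label) >= DNS_LABEL_MIN_LEN and shannon_entropy(label) > DNS_LABEL_MIN_ENTROPY


def classify(event: dict) -> Optional[str]:
    """Return the kill-chain stage an event most plausibly belongs to, or None."""
    kind = event.get("type")
    if kind == "web" and event.get("path", "").startswith(("/.git/", "/.env")):
        return "Reconnaissance"                      # probing for exposed secrets
    if kind == "email" and event.get("attachment", "").endswith(MACRO_ATTACHMENTS):
        return "Delivery"                            # weaponized document arrives
    if kind == "process" and event.get("parent") in OFFICE_PARENTS and event.get("image") in SHELLS:
        return "Exploitation"                        # Office spawning a shell
    if kind == "persistence":
        return "Installation"                        # new task/service/run key
    if kind == "dns" and dns_label_suspicious(event.get("qname", "")):
        return "Command and Control"                 # encoded DNS beacon
    if kind == "netflow" and event.get("bytes_out", 0) >= EXFIL_BYTES:
        return "Actions on Objectives"               # bulk outbound transfer
    return None


def triage(events) -> dict:
    """Group flagged events by stage, keyed in kill-chain order."""
    by_stage = defaultdict(list)
    for ev in events:
        stage = classify(ev)
        if stage:
            by_stage[stage].append(ev)
    return {s: by_stage[s] for s in KILL_CHAIN if s in by_stage}


def furthest_stage(events) -> Optional[str]:
    """Deepest stage observed, i.e. how far the intrusion got before detection."""
    stages = triage(events)
    return max(stages, key=KILL_CHAIN.index) if stages else None


# Constructed sample telemetry for one fictional host; addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"type": "web", "src": "198.51.100.7", "path": "/.git/config"},
    {"type": "web", "src": "198.51.100.7", "path": "/index.html"},
    {"type": "email", "sender": "hr-benefits@mail.example.test", "attachment": "Q3_bonus.docm"},
    {"type": "process", "host": "ws-042", "parent": "WINWORD.EXE", "image": "powershell.exe"},
    {"type": "persistence", "host": "ws-042", "detail": "scheduled task 'UpdaterSvc' created"},
    {"type": "dns", "host": "ws-042", "qname": "a9f3k2m1x7q8z4w6b5n0c3v2.update.example.test"},
    {"type": "dns", "host": "ws-042", "qname": "www.example.test"},
    {"type": "netflow", "host": "ws-042", "dst": "203.0.113.10", "bytes_out": 1_200_000_000},
]

if __name__ == "__main__":
    for stage, evs in triage(SAMPLE_EVENTS).items():
        print(f"{stage}: {len(evs)} event(s)")
    print("furthest stage:", furthest_stage(SAMPLE_EVENTS))
```

Run as a script it prints one line per stage that was hit and the deepest stage reached; in an investigation that deepest stage is what decides whether the response is "block the phishing domain" or "assume data has left the building". The rules are deliberately coarse: real detection content would be tuned per environment and combined with allow-lists to keep the entropy heuristic from flagging legitimate CDN or telemetry hostnames.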
CIA stands for Confidentiality, Integrity, and Availability and is a widely recognized model used to assess and ensure the security of information and data.
📑 Confidentiality focuses on protecting sensitive information from unauthorized access or disclosure. Measures such as encryption, access controls, and data classification are implemented to maintain confidentiality. The Equifax data breach in 2017 exposed sensitive personal information, including Social Security numbers, of approximately 147 million individuals. The breach occurred due to a vulnerability in Equifax’s website, allowing hackers unauthorized access to confidential data.
📑 Integrity ensures that data remains accurate, complete, and unaltered. Techniques like checksums, digital signatures, and data validation mechanisms are employed to detect and prevent unauthorized modifications or tampering. The Stuxnet worm, discovered in 2010, specifically targeted industrial control systems (ICS) and was designed to disrupt Iran’s nuclear program. It compromised the integrity of the systems by modifying the code in programmable logic controllers (PLCs) and causing physical damage to centrifuges.
📑 Availability ensures that authorized users have access to information and systems when needed. Measures like redundancy, backups, disaster recovery plans, and robust infrastructure are implemented to minimize downtime and ensure continuous access. In 2016, the Mirai botnet launched distributed denial-of-service (DDoS) attacks against Dyn, a major DNS provider. The attacks resulted in widespread service disruptions, causing popular websites like Twitter, Reddit, and Netflix to become inaccessible for a significant period.
The CIA triad serves as a fundamental framework in designing and evaluating the security of systems, networks, and data in cybersecurity.
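The integrity entry above lists checksums and digital signatures together, but they defend against different things: an unkeyed checksum catches accidental corruption, while only a keyed mechanism (a MAC or a signature) catches an adversary who can rewrite both the data and its check value. The following added Python example (not code from the original page) shows the difference with a constructed transaction record, a constructed key and a constructed tampering step, using the standard library's `hashlib` and `hmac` modules; the record format and key are assumptions for illustration only.

```python
"""Integrity controls compared: SHA-256 checksum vs HMAC-SHA256 (added example)."""
import hashlib
import hmac

# Constructed demo values; a real key comes from a secrets store, never source code.
KEY = b"constructed-demo-key-do-not-reuse"
RECORD = b"transfer;from=1001;to=2002;amount=100.00"
TAMPERED = RECORD.replace(b"amount=100.00", b"amount=100000.00")   # deliberate change
CORRUPTED = bytes([RECORD[0] ^ 0x01]) + RECORD[1:]                 # single bit flip


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone, including an attacker, can recompute it."""
    return hashlib.sha256(data).hexdigest()


def mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: recomputing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def checksum_ok(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(checksum(data), expected)


def mac_ok(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac(key, data), expected)


def scenario() -> dict:
    """Which control still detects each kind of change to the stored record."""
    stored_sum = checksum(RECORD)      # written next to the record at creation time
    stored_mac = mac(KEY, RECORD)

    # An attacker with write access to the store rewrites the record AND the
    # unkeyed checksum, because computing a checksum needs no secret.
    attacker_sum = checksum(TAMPERED)
    # The same attacker cannot produce a valid MAC for TAMPERED without KEY,
    # so the best they can do is leave the old tag in place.
    return {
        "corruption_caught_by_checksum": not checksum_ok(CORRUPTED, stored_sum),
        "corruption_caught_by_mac": not mac_ok(KEY, CORRUPTED, stored_mac),
        "tamper_caught_by_checksum": not checksum_ok(TAMPERED, attacker_sum),
        "tamper_caught_by_mac": not mac_ok(KEY, TAMPERED, stored_mac),
    }


if __name__ == "__main__":
    for name, caught in scenario().items():
        print(f"{name}: {'detected' if caught else 'MISSED'}")
```

The bit flip is detected by both mechanisms, but the recomputed-checksum tampering is missed by the checksum and caught only by the MAC. A digital signature gives the same protection with the added property that the verifier does not hold the secret, which matters when the party checking integrity (a PLC, a package manager, a browser) is not the party that produced the data.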