Cyberespionage Operators Work In Groups, Process Enormous Data Workloads

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/advanced-threats/cyberespionage-operators-work-in-groups/240156664

By Robert Lemos
Dark Reading
June 13, 2013

In a study of the life cycle of cyberespionage attacks, a group of 
researchers at a Taiwanese security startup have found that the nation's 
major government agencies encounter a dozen such attacks each day and that 
the operators behind the attacks have virtual data centers that appear to 
be processing enormous workloads.

The research, which will be presented at the Black Hat Briefings later 
this summer, focuses on a part of the espionage life cycle that most 
incident responders do not see: the attackers sifting through their data 
caches and processing the stolen information in virtual "APT [advanced 
persistent threat] operation centers," says Benson Wu, co-founder and lead 
security researcher at Taiwan-based Xecure Lab and one of the presenters.

"[We] will show that there are lots of people in these APT operation 
centers," Wu says. "We can't see [the] data that is being stolen, but 
there are a lot of operators. The workloads are so high that there must be 
tons of victims."

Wu -- along with researchers at Academia Sinica/Taiwan, a top research 
university -- describes the life cycle of cyberespionage attacks in five 
steps: the enemy creates their tools and infrastructure; they then get by 
their victim's defenses; they search for and exfiltrate data using their 
command-and-control servers; they use a back-end console to gain access to 
the data; and they process the stolen information in an APT operations 
center. Their research focuses on the last two steps, he says.

[...]



_______________________________________________
ISN mailing list
ISN () lists infosecnews org
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org