China Versus USA: Nation/State Sponsored Attacks
Part 2 in a series of 9 Security Whitepapers:
Deep within the Secured Network Operation Center (SNOC), thousands of software and network vulnerabilities are constantly monitored, investigated and vigorously blocked at the US ProTech center of security intelligence. “APT’s, or Advanced Persistent Threat, (http://en.wikipedia.org/wiki/Advanced_persistent_threat) are clearly on the Rise,” says Goetsch, the CEO of US ProTech, Inc., head of an elite group of expert security technicians specialized in offensive-side penetration testing for nearly two decades. In late November, 2014, a Chinese advanced persistent threat (APT) compromised Forbes.com to set up a watering hole style web-based drive-by attack against US Defense and Financial Services firms. The attack was executed against specific targets by compromising the Forbes.com Thought of the Day (ToTD) Adobe Flash widget that appears initially whenever anyone visits any Forbes.com page or article. The attack involved a unicorn among cyber threats: chained 0-days of Adobe Flash and Internet Explorer vulnerabilities. US ProTech and it’s Malware partner Invincea uniquely detected and stopped the attack that evaded all other network defenses. You are invited to read a research report published about this attack. The report includes:
- Information on the types of business sectors and groups targeted,
- Details on the group that iSIGHT has attributed to these attacks,
- Screenshots of logs detailing the chain of events that occur when such attacks take place.
We’re sharing this information, because we believe it is critical for businesses to understand the nature of such attacks so they can protect themselves going forward. While the SNOC detected and stopped this attack, the technical indicators from the attack are being released to vetted parties to determine if the attack succeeded elsewhere. It is important to note enterprises running US ProSecure are immune to these attacks, but the nature of these attacks may require those not protected by US ProSecure to determine if they have been compromised. For the full report, please fill out the form on the right.