APTs and PPM: Make Key Password Accounts a Moving Target
I was recently at the CU Information Security Conference and heard many a fine presentation concerning APTs. For those of you not familiar with the term, an APT (Advanced Persistent Threat) is defined by the Wikipedia community thusly: “Advanced persistent threat (APT) usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity.
“The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information, but applies equally to other threats such as that of traditional espionage or attack. Other recognized attack vectors include infected media, supply chain compromise and social engineering.”
With this in mind, what are APTs trying to gather? They are actively trying to install keyloggers and other malware in order to capture privileged passwords. A spear phishing attack targets a network admin not to get their personal account, but to get a keylogger onto that person’s machine, wait for them to log in with Enterprise Admin, and capture the valuable password.
The question then becomes the following: ‘How long will that password that has just been captured be valid on the DC?’