You Have Around 20 Minutes To Contain a Russian APT Attack (zdnet.com)
When a Russian nation-state actor attacks a government or a private organization, they have about 20 minutes to detect and contain the attack. From a report: New statistics published today by US cyber-security firm CrowdStrike ranked threat groups based on their "breakout time." "Breakout time" refers to the time a hacker group takes from gaining initial access to a victim's computer to moving laterally through its network. This includes the time the attacker spends scanning the local network and deploying exploits in order to escalate their access to other nearby computers.
[...] According to data gathered from 2018 hack investigations, CrowdStrike says Russian hackers (which the company calls internally "Bears") have been the most prolific and efficient hacker groups last year, with an average breakout time of 18 minutes and 49 seconds.
With enough vodka I do it in 10.
Russia Russia Russia Russia Russia Russia
russia Russia Russia Russia
It was her turn! Waaah wah wahhhh
I admit I had to Google that one. Stupid article doesn't explain the name at all, and here I was thinking we had some big new Debian/Ubuntu vulnerability.
- Necron69
What is an APT? Is it APK's Bolshevik cousin?
"Russian" attack by NSA? 20 minutes, or less?
Orange man bad!
I've wondered for some time why honeypots are not a near-universal solution to this. That is, each router can host a bunch of fake servers with real IP addresses on the network, then watch for intrusion, attempted or real, on these fake nodes. You don't need a lot of horsepower backing the fake nodes since they are not doing anything except mimicking a normal level of net traffic to other computers, so it's not a burden on the system or the routers. And if one was worried the hackers could eventually learn to spot these virtual nodes in the routers (perhaps via hacking the router itself), then one could also sprinkle in a few real computers on the network acting as honeypots.
In any event, any attempt to break in, or a successful one, on a honeypot is 100% evidence the network is experiencing lateral intrusions and you just shut it down immediately.
What's the catch?
Some drink at the fountain of knowledge. Others just gargle.
Nobody "stole" any elections. Hillary (It's Her Turn) Clinton lost in the same way as she lost to Obama, by being Hillary. If she's the best the Democrat party can deliver, the Democrat party will be out of office even if Drumpf resigns and is imprisoned.
Of course, this time the Democrat party can try with Pocahontas...
Will mock handicapped reporters and tweet insults that make you feel sick
They have a few years actually building secure infrastructure instead of the insecure crap most have in place. If you are not prepared, even advanced script-kiddies can get in.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Once you've been breached you're at least 2-3 years too late to contain the issue. These "nation-state" hackers typically aren't the best in the field. They get in through inept security IT people above all else.
These companies have something to sell you - containment is a poor security strategy but sadly most companies won't invest until something happens so containment is their only strategy.
Custom electronics and digital signage for your business: www.evcircuits.com
Once they are in your system, they run a script. It should not take even 20 minutes.
They know this, thus the push for importing millions of people illegally then making them voters. If you can drown out the actual citizens with a loyal constituency then you win. It will destroy the country and wreck standards of living but hey, you can't make an omelette without breaking a few eggs.
I want to know where USA falls on their list.
Crowdstrike story
They have a history of blaming Russia for every hack even if Russia was not involved. They have 2 big cases where they falsely blamed Russia, one a hack in the Ukraine, the second the DNC email server. That's right, the DNC server that the FBI never examined, we were told was hacked by Russia by Comey. Well the people who told him admitted they lied, before Comey came out and told Congress under oath.
So Crowdstrike yelling "RUSSIA!!!" isn't new. Them providing proof would be.
Back to your handlers Ivan.
Stop using Microsoft products, you fucking imbeciles.
"Breakout time" refers to the time a hacker group takes from gaining initial access to a victim's computer to moving laterally through its network...The "breakout" metric is crucial for organizations, as this is the time they have to detect infections and isolate hacked computers before a simple intrusion turns into a compromise of its entire network.
Getting lateral movement is just one of the early steps in the chain, not the game over moment. Nor does it mean 'the entire network' is compromised. Attacker still has to locate what they need on the network and then get access to it, and then exfiltrate it (for stealing data) or break it. In other words, you still have a lot more than 20 minutes to detect and respond effectively.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
1. Compartmentalize your network
Separate user-space from server-space from dev-space. Use hardened firewalls within the organisation and within the server-space to slow the spread of any attack.
2. Educate the salesmen and senior management
The people most likely to have weak passwords are senior managers and salesmen, either because they're too busy worrying about the money, or because they've got their heads so far up their ***** that they can't see the real world. Be sure to have the CIO on board before you stop them using their wives' and children's names for passwords.
3. Install honeytraps with a canary
Deliberately leave some VMs on the network with suitably encouraging names (Fin_Dev_01, Fin_DB01, etc.) which have a canary. When the canary expires the CIO decides whether to press the big red button and shut down the internal firewalls.
4. There's no substitute for a cold backup when one of your key servers is trashed during an attack.
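The honeypot idea earlier in the thread and step 3 above both boil down to the same detection rule: no legitimate client ever has a reason to talk to a decoy, so any source that does is a lateral-movement signal. The script below is an added example written for this thread, not code from the article or from CrowdStrike; the decoy inventory, the allowlist, the firewall log format and the log lines are all constructed, and the one real-world caveat it handles is the allowlisted vulnerability scanner that would otherwise trip the canary every night.

```python
"""Decoy-touch detector: alert on any host that talks to a honeypot VM.
Added example for this thread; decoy names, addresses, log format and log
lines are constructed, not taken from the article."""
from dataclasses import dataclass
import re

# Constructed inventory of decoys with tempting names (no legitimate clients).
DECOYS = {
    "10.20.5.31": "Fin_Dev_01",
    "10.20.5.32": "Fin_DB01",
    "10.20.9.17": "HR_Backup",
}
# Constructed allowlist: the vuln scanner is expected to probe decoys.
ALLOWLIST = {"10.20.1.10"}

# Constructed firewall log line format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


@dataclass
class Alert:
    source: str
    decoys: list      # decoy names touched, in order first seen
    ports: set        # destination ports tried on decoys
    first_seen: str
    last_seen: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_decoy_touches(lines):
    """One Alert per offending source host.
    DENY lines count too: a blocked probe of a decoy is still a probe."""
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["dst"] not in DECOYS or ev["src"] in ALLOWLIST:
            continue
        name = DECOYS[ev["dst"]]
        a = alerts.get(ev["src"])
        if a is None:
            alerts[ev["src"]] = Alert(ev["src"], [name], {int(ev["dport"])},
                                      ev["ts"], ev["ts"])
            continue
        if name not in a.decoys:
            a.decoys.append(name)
        a.ports.add(int(ev["dport"]))
        a.last_seen = ev["ts"]
    return list(alerts.values())


def severity(alert):
    """One decoy on one port might be a typo or a misconfigured client;
    several decoys or several ports looks like the scanning phase of breakout."""
    if len(alert.decoys) > 1 or len(alert.ports) >= 3:
        return "critical"
    return "high"


# Constructed sample log: a scanner, a workstation sweeping two decoys,
# a single touch of a third decoy, traffic to a real server, and junk.
SAMPLE_LOG = [
    "2019-02-19T10:02:11Z ALLOW src=10.20.1.10:51000 dst=10.20.5.32:445 proto=tcp",
    "2019-02-19T10:02:14Z ALLOW src=10.20.3.44:51002 dst=10.20.5.32:445 proto=tcp",
    "2019-02-19T10:02:15Z DENY src=10.20.3.44:51003 dst=10.20.5.32:3389 proto=tcp",
    "2019-02-19T10:02:15Z ALLOW src=10.20.3.44:51004 dst=10.20.5.31:22 proto=tcp",
    "2019-02-19T10:02:20Z ALLOW src=10.20.3.44:51005 dst=10.20.7.8:443 proto=tcp",
    "2019-02-19T10:05:02Z ALLOW src=10.20.4.9:50100 dst=10.20.9.17:445 proto=tcp",
    "garbage line that the parser must skip",
]

if __name__ == "__main__":
    for a in detect_decoy_touches(SAMPLE_LOG):
        print(f"[{severity(a).upper()}] {a.source} touched {a.decoys} "
              f"on ports {sorted(a.ports)} between {a.first_seen} and {a.last_seen}")
```

Whether the "big red button" is automated or left to the CIO, as the list above suggests, the alert carries enough (source, decoys, ports, time window) to isolate the one offending host rather than the whole network.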
They're already setting that up. Bankfraud Bernie just announced his policy of NO REFUNDS in 2020, so when he bitches out of the primaries of a party he doesn't even belong to, the less intelligent of his supporters will surely be on the warpath for Warren.
Via APK Hosts File Engine 2.0++ 64-bit for Linux/BSD http://apk.it-mate.co.uk/APKHostsFileEngineForLinux.zip
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!
Vs. "Bolt on 'MoAr' illogic-logic" slowing u hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploit!
* ONLY 1 of its kind in GUI 4 Linux (soon 4 MacOS)!
99++% of ATTACKS USE HOSTNAMES vs. IP Address!
APK
P.S.=> Protects vs. scripts/trackers (kernelmode faster vs. usermode slower NoScript vs. 3rd party script)/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware download/malcript/email malpayload
* That's only recently while I've been on Linux (July 2018) & 100's of times vs. MANY other botnets/malwares etc. in the past circa 2006-early 2018 while I was on Windows: CONCRETE VERIFIABLE UNDENIABLE REALITY (see those links as proof)! ... & that's ONLY what /. reported on (there were FAR more)
APK
P.S.=> "It's working: Neville... it's working!" - "I AM LEGEND" + HOSTNAME USE IS DOWN IN MALWARE https://unit42.paloaltonetwork... (my ACT OF FAITH is JUSTIFIED by fact)... apk
"classic Windows hosts trick to block the Coinhive or Crypto-Loot domains" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
Aryeh Goretsky/ESET/NOD32: hosts = good security https://it.slashdot.org/comments.pl?sid=7442373&.cid=49747129/
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/
Spybot S&D uses hosts.
APK
P.S.=> Malwarebytes' hpHosts hosts & RECOMMENDS my program forum.hosts-file.net/viewtopic.php?f=5&t=4290
Who did it 1st: China or me? I did - dates are my proof https://theregister.co.uk/2017... w/ the FACT China rampantly STEALS U.S. Intellectual properties & military secrets!
* IMITATION truly IS the SINCEREST FORM of FLATTERY!
(... & proves hosts work vs. DNS faults in tracking you via dns request logs (since you avoid it & resolve FASTER locally using hosts) + DNS being downed OR Kaminsky REDIRECT security flaw misdirected poisoned (or vs. DNSChanger))
US DHS issues DNS redirect is HUGE danger (not w/ hosts vs.) https://threatpost.com/gov-war...
APK
P.S.=> Folks, It's NOT EASY being "World-Class" like me (lol - 100,000++ users prove it for me) - enjoy the fruits of my labors for FREE + going FASTER/SAFER/MORE RELIABLY online (w/ a bit more anonymity too via my program)... apk
Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016
his hosts program is actually pretty good by xenotransplant August 10 2015
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015
I like your host file system by Karmashock September 09 2015
that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015
I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017
* For the Win32/64 model!
APK
P.S.=> Linux model's faster/more efficient/better MERGE feature too - More coming... apk
Apk has the answer for that - really... kill automatic updates by adding a hosts file entry setting updates.steam.com or whatever to 127.0.0.1. You have to find the right hostname for each software you want to block updates on by raymorris (2726007) on Friday July 06, 2018
APK your posts on this and the hosts file posts, and more, have never been in error and/or bad advice by BlueStrat (756137) on Wednesday June 21, 2017
I support APK's stand on the hosts file and can't see why it's not used more than it is. My hosts file is 144247 lines long (4,332 Kb) it & a firewall serves me very well - by Trax3001BBS (2368736)
ABP is insufficient as a solid hosts file does everything APK reminds us about fast turtle September 17 2013
You need APK's hosts file - by Teun (17872) on Wednesday August 06, 2014
* For the Win32/64 model!
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience in this context. Of course, your phone has to be rooted, which isn't the case with Firefox + adblock. - by chihowa on Saturday May 16, 2015
APK solution STILL relevant Thud457 June 11 2015
In a footnote, I would like to note that I find your hosts file admirable - by vel-ex-tech (4337079) on Tuesday November 24, 2015
APK's monolithic hosts file is looking pretty good at the moment - by Culture20 on Thursday November 17
you're right about hosts files - by drinkypoo (153816) on Thursday May 26
APK, I know people give you a lot of shit regarding hosts, but please don't ever stop - by nasredin (958927) on Friday June 12, 2015 @03:34PM
Why Crowdstrike, or FireEye are treated as authoritative experts by the media when it comes to analyzing network attacks by "nation-state actors" is beyond me. AFAIK, they're rarely right about anything.
APK is kinda right... I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works. - by bmo (77928) on Thursday October 15, 2015
get around to 'installing' a hosts file list, not sure which one, likely the one from someonewhocares.org. If it works as well as what I used for a while about ten years ago, I'll be happy. And grateful to APK for the lesson and the reminder. - by kermidge (2221646) on Wednesday March 27
I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster. - by gl4ss (559668) on Thursday November 17
dammit MS, you proved APK right about something by lgw
(APK) is still right, a hosts file really does work. It even blocked some of the video ads that were inserted into a stream OrangeTide February 10 2016
the Host File Engine performs exactly as promised - by mmell (832646) on Thursday February 16, 2017
I do use APK's host file on all my systems at home by OrangeTide December 01 2017
I've never tried to belittle (APK's work), I've flat out said it's good - by BronsCon (927697) on Thursday February 11, 2016 @06:48PM (#51491263)
(Toss on 100,000++ users worldwide too!)
* For the Win32/64 model!
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature... apk
*cheers in NPC*
Mobil Oil, ca. 1986. We had a fractional T1 connecting Beaumont, Dallas and Reston, Va.
I was senior network engineer in Beaumont. Got a call from Dallas that a hacker* was crawling all over the place.
I pulled the Ethernet cable on my Cisco router while I was on the phone.
Reston started calling, freaking out. It never occurred to the other blokes that bad guys ride wires.
*The hacker was actually a Joe Cool Kollidge Kid working for us who hooked Mobil to Lamar University in Beaumont to his home computer.
Ah, the learning days. I miss those.
It little behooves the best of us to comment on the rest of us.
The linked article is a masterpiece! So cool names and animals for the state actors! And look at the Mummy Spider below! What a tremendous job! 20 minutes, 3 hours or 5 years, it doesn't matter! Simple values which anyone could easily input into that well-crafted graphical heaven! I don't know what you are selling, but I want 10 of each! Please, take my money!! LOL.
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
Nah, orange man good! Sign the petition to impeach Nancy Pelosi! She's a traitor to our great nation. Protect our border! Build the Wall!
Nowhere in the article does it say anything about how Crowdstrike are supposed to have identified the attackers. But we do know that the CIA and NSA (to say nothing of other parts of the alphabet soup) have means of disguising their malicious handiwork as that of anyone else they please.
Would anyone like to suggest practical ways in which Crowdstrike could be certain about who is responsible for a given attack?
I am sure that there are many other solipsists out there.
"WHY THE DNC WAS NOT HACKED BY THE RUSSIANS"
William Binney, former Technical Director NSA
Larry Johnson, former State CT and CIA
https://turcopolier.typepad.co...
APT has referred to Debian's package manager since 1998 or thereabouts. The earliest public citation for "advanced persistent threat" I can find in a cursory search is from US Air Force Colonel Greg Rattray in 2006.
Assuming you know **it about it.
Specific cases of identified attackers and the methods used to do so tend to be something you have to purchase the support contract to find out.
What is it, like 5 articles in the last 24 hours, pushing the whole evil Russia, evil China, and evil Iran attacking the poor, peaceful and friendly America narrative?
It's tiresome, and it's not working. You have several war criminals among your past presidents. Your intelligence agencies are basically state-sanctioned terrorist organizations, and you have no credibility left.
When Russia, China, and Iran are definitely proven of having hacked you, and your cyber sabotage organization NSA has stopped their activities, then you can complain, and we will listen.
The US has been attacking multiple countries via the Internet for years. We did it first. We did it best. Yay US. Years ago, our doctrine was that Internet attack was a favorable option, because it had less unfortunate consequences than physical attack. But now, Internet attack can be much more devastating than physical attack. And the US has the most to lose in Internet attack.
The US economy is totally dependent on the Internet. Internet attack can cripple or destroy us. We can no longer afford to legitimize Internet attack. The past aggressive Internet attacks by the US, China and Russia have legitimized Internet attack for all the remaining governments. EVERYBODY who has anything valuable now gets a chance to receive targeted, remote attack by several governments, PLUS targeted attack by the many organized crime groups.
The US must formally cease undeclared war via the Internet. We must work with all other governments to ensure that we ALL stop waging undeclared war via the Internet.
Since when did having an authentic and reputable source matter to the corporate media?
What's up with slashdot lately? Russia, Huawei, China, Russia, Huawei, China, Russia, Huawei, China.
China and North Korea accounted for almost half of all the nation-state attacks in 2018.
U.S.A. is missing from this list. The statistics are obviously B.S.
Um...er....She Actually WON the voters' preference in the Election. It was the Electoral College that reversed that outcome! It's an anachronistic outrage that smaller-population states refuse to challenge, even in light of the Internet...which wasn't even a dream when the E.C. originally rode horseback to their Washington, D.C. meetings.
It needs to be abolished as archaic and unfair to voters. It's one of the reasons some adults refuse to vote...because their vote can be overridden by selected politicians!
You either trust people, or you don't. Having been ON the front lines, I was gathering information with unique methods, which would've been revealed if the underlying facts we gleaned had been publicized. That's what being a "spook" is all about: finding out what they (e.g., Russians) are doing to harm (or try to harm) us, and working with professionals with other skills to create ways to put a stop to it...but never revealing HOW we found out!
Unless you are in (or have served in) one or more of the security agencies, you are unqualified to claim "fake news" because you're not on the "inside," where you'd have a completely different set of facts at your disposal. Yes, I had a price on my head in Russia (over 40 years ago!), and my colleagues from collaborating branches celebrated us for doing what we did, even though we became "no longer useful" because of that exposure. So, I was moved to a public role in the Armed Forces Radio Service (American radio for soldiers overseas) after I was no longer able to "hide in plain sight" while I found sources and milked them for information others in the agency needed to be able to do THEIR jobs protecting our nation and our citizens.
How do you know they're NOT???
Dey toooook our jobs!!!!!
What is it with this website and old tinfoil hat nutbags?
Shove off, grandpa. Just because you're no longer relevant doesn't mean we want to listen to your trite facebook shit.
I bet they even used a clock to measure time.
*Start timer* Scan, run exploit framework, install software, clean up. Rinse and repeat. *Stop timer*
IT Sec has gotten so hyped that everyone with an IQ over 90 who has seen the first Matrix movie has become an "ethical hacker" or "pen tester," and yet somehow real talent is harder to find than ever.
The whole idea behind the E.C. was to ensure a few big cities didn't decide who the President would be every four years.
If we really want to talk about how unfair the E.C. is, we can talk about how most states are winner take all. So you get 51% of the vote in a given state and you get EVERYTHING. It's one of numerous reasons why people would like to break up California and Texas as well.
The popular vote would change that but then the politicians would change how they run for office. If they knew it was popular vote they would just blow sunshine at the huge cities and ignore half the country due simply to numbers.
Which brings us right back to the founding fathers didn't want a handful of cities deciding the election every four years.
It's like economists. Politicians come up with policy first, then find an "expert" who will justify it to the public for them.
Nice sentiment, but the cat's out of the bag and you can't put the genie back in the bottle. Welcome to the brave new world where you have to assume anything connected to the Internet will be attacked, whether it's by your own government, another government, a competing business, a black hat, or kids doing it for the lulz. Yeah, I miss the old, friendly Internet as much as anyone, where we could run recursing DNS servers, open mail relays, TCP small services, and unencrypted web servers. But it hasn't existed for more than a decade now.
What you said makes sense to me. It also is why if we're already on the subject of improving the electoral system I'd go for a parliamentary system with proportional representation. That leads to more parties in congress. In particular, (unlike winner takes all) its still rational to have parties focused primarily on the interests of the rural population & on smaller states. It also leads to coalition politics which in turn is more inclusive and more consensus oriented. Yet at the same time each vote has equal weight (unlike with the EC).
I see the retarded bitch Alexander Peter Kowalski is spreading more of his lies. His work does nothing against threats like this but that won't stop him from believing and saying it does. Hell, it barely does anything against threats created by script kiddies with one week of experience and advertisers who hold an MBA. At 20 minutes his program is still churning through a bunch of outdated hosts files it downloaded from elsewhere. There are 2 kinds of security: there is the kind that protects your stuff from your kid sister and there is the kind that protects your stuff from state actors. All of APK's work falls in the kid sister category and he refuses to accept practices that actually do stop state level actors. Because of this no one should take his security advice.
She won by 2.8 million votes nationwide. She won California by 4.3 million votes. Without the electoral college, California would've reversed the other 49 states' choice.
And you want to abolish it. Because Orange Man Bad.
What's with your juvenile deflection.
"CrowdStrike says Russian hackers (which the company calls internally "Bears") have been the most prolific and efficient hacker groups last year, with an average breakout time of 18 minutes and 49 seconds."
Obviously the US has much better resources than some Russian group.
Nope, that's the excuse pseudo-historians try every time. The reality was physical logistics. Those have changed. The EC is obsolete.
Fuck. Off. You. God. Damn. Russian. Paid. Agitator!