These days, we see an increasing number of cyber-attacks affecting both public and private clouds. According to reports by antivirus companies, clouds are used by botnets as well as by intelligence services and cyber criminals to run targeted attacks aimed at collecting sensitive information from enterprise networks and government institutions.
Current detection measures often fail because targeted attacks use malicious code, known as 0-day exploits, that takes advantage of previously unknown system vulnerabilities to penetrate network security and spread. In an Advanced Persistent Threat (APT), the attacker deliberately avoids attracting attention so that the implanted spying components keep operating without producing a signature that automatic threat detection could match; such campaigns can go undetected for years. For example, the NetTraveler, Regin, and TeamSpy cyber-attacks were in operation for nine years before antivirus detection.
This presentation will cover:
- An overview of targeted attacks, based on real-life examples such as Cloud Atlas, CosmicDuke, and other attacks in the wild
- How to mine network Indicators of Compromise (IoC) to detect infection
- How to use an Intrusion Detection System (IDS) in the cloud to detect network traffic anomalies peculiar to targeted cyber-attacks
By the end of this session, attendees will understand the specifics of targeted cyber-attacks and be able to detect APTs or general-purpose malware activity in their own cloud networks by using an intrusion detection system.