Percentage of respondents who find the category very and extremely challenging to defend
The Anatomy of a Security Breach
Hacker Sends Spear Phishing Email
The Hacker creates and sends the Spear Phishing Email
TO: Jacob.Fuller@videoco.com
FROM: Susan.Henry@gmail.com
SUBJECT: Interesting Article
Hi Jacob,
Thought you might like this.
Very Interesting Article
Cheers,
Susan
The Hacker crafts the Spearphishing
The Video Admin clicks on the link in
The Corporate DNS server begins a "recursive" lookup process to resolve www.letmein.com
The Admin PC Receives the DNS Response
DNS Query
DNS Response: IP=66.66.66.66
[Diagram labels: Zone; DNS; Internet Network; Subscribers UI; Hacker's PC; .5 PLAYOUT; .6 DRM; Video PLAYOUT Administrator PC]
The Browser Sends Web Request
Once DNS completes, the Browser attempts to load the page
[Diagram labels: WWW letmein.com; GET Very_Interesting_Article.pdf]
The Malware Host Sends Infected PDF
The Malware Web Host creates and sends the infected PDF file
The PC is Compromised
The Malware executes and infects the Video Admin PC
[Diagram labels: New Bot Acquired, admin@videocorp.com; HTTPS: DISK, NET, KEYS]
The Malware Collects Information
The Malware executes the Hacker's instructions to discover details
The Malware Disk Scan Finds Host Names, IP Addresses and Other Sensitive Information
The Malware first scans all accessible disk storage for information on system activity (browser connections, SSH connections, FTP, etc.)
The Malware Key Logger Captures User Names, Passwords
Next, the Malware creates a "keyboard logger" process to capture any keystrokes typed in by the Video PLAYOUT Admin (usernames, passwords, etc.)
[Diagram labels: SCAN; GOODONE2; Internet Network; Subscribers UI; Hacker's PC; Firewall; Corp. Email Server; DNS; Internal Network; Video Backend 172.16.11.0/24, VLAN 100: .1 CAPTURE, .2 ENCODE, .3 ADSPLICE, .4 ENCAP, .5 PLAYOUT, .6 DRM; Video PLAYOUT Administrator PC]
The Malware Performs Network Recon
The Malware probes the network for additional IP and Port info
The Malware Sends Discovery Results
The Malware packages the results and delivers back to the Hacker
Key Strokes: ADMIN, GOODONE2
Disk Scan Results: BOOKMARKS, CONFIGS
Host Information: CAPTURE, TRANSCODE,
[Diagram labels: HTTPS; SET PIVOT]
The Hacker Creates an SSH Session
The Hacker creates an admin SSH session to the Video PLAYOUT server
SSH ADMIN@PLAYOUT
PASSWORD for ADMIN?: GOODONE2
The Hacker Begins to Steal Data
The Hacker downloads files of interest to the Hacker's PC
GET GALAXYWARS.VID
**FILE TRANSFER COMPLETE**
The Hacker Changes the PLAYOUT Content
The Hacker changes the PLAYOUT config to play the new content
UPLOAD SKULL.MP4
PLAY SKULL.MP4
streaming content.
uploaded ideological message content.
The Hacker Continues to Breach
The Hacker continues to expand and compromise more systems
The Hacker, having established a foothold on the Internal Network, will search for and compromise additional systems throughout the enterprise.
Likely targets would include C level individuals, Finance individuals and key infrastructure components such as Active Directory.
[Diagram labels: Internet Network; Subscribers UI; Hacker's PC; Firewall; Corp. Email Server; DNS; Internal Network; Video Backend 172.16.11.0/24, VLAN 100: .1 CAPTURE, .2 ENCODE, .3 ADSPLICE, .4 ENCAP, .5 PLAYOUT, .6 DRM; Video PLAYOUT Administrator PC; CEO; Finance; AD]