Lawrence Pingree
Research Director
2 years with Gartner
16 years IT industry
Lawrence Pingree's responsibilities include coverage of security technologies and the cloud security space. His main focus is on conducting research targeted at the security aspects of products in the data center…
by Lawrence Pingree | January 18, 2012
The other day I found myself wanting to change the marketing hype around Advanced Persistent Threats. What is really more relevant for customers is to pay attention to what they MUST do to address targeted attacks, and one could call that approach an “Advanced Persistent Security Program”:
Advanced = Continuously Improving Controls
Persistent = Continuously Monitoring Controls
Security = Security Controls as they relate to addressing risks and threats
Program = Apply the prior concepts to the overall security program: budget, organizational structure and how security is operated day to day.
More to follow in my research, but I thought: what would I do to change this marketing mantra?
If you are interested, I just published a best practices research note called “Best Practices for Mitigating Advanced Persistent Threats”.
Category: Security
by Lawrence Pingree | November 4, 2011
I thought I would start my blog with a bang by concluding that the next major threat we all face may not just be the fact that we have virtual workloads or virtualized infrastructure; it could be the virtualization capability itself being used against us to deploy malware or entire malicious operating systems.
It may be entirely possible to auto-deploy a malicious virtual image and run it on a host. Once deployed, what could it do?
Malware capabilities:
With a complete operating system downloaded onto the target system, just about anything becomes possible: surreptitious network monitoring, network information gathering, data grabbing and vulnerability scanning from inside the network, as well as forming an outbound virtual private network to use as a way into the internal network. Add encryption to the scenario, by encrypting the virtual disks the guest runs from, and host-based scanning of the image contents is defeated; the guest becomes almost unstoppable from inside the host.
Let’s walk through this a bit by examining how this may be possible:
- Create a malware payload which consists of a virtual machine player and an infected image or an image created with hacker tools installed on it.
- Craft a zero day attack that infects a host with a file dropper, which in turn downloads the image and player.
- Spread the infection using a specially crafted social engineering e-mail that induces the target to click, triggering the zero day and deploying the malware.
- Have the malware download dropped files containing a virtual machine player (with command line capabilities) along with the malicious image you created in the first step.
- Launch the newly downloaded virtual machine image on the targeted host as an installed service.
- Use host memory and process obfuscation techniques to hide the player's processes and memory from the host.
A scary concept, and one that many of us should think about and plan against.
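The scenario above gives defenders something concrete to look for: a command-line VM player that appears on a host where no hypervisor is expected, runs from a scratch or user-profile directory, or is pointed at a virtual disk image dropped into a temp folder. The following is an added example (not from the original post or from Gartner) of that check written as a Python triage routine over a process inventory. The process records, the approved-host list, the set of player executable names and the trusted install directories are all constructed assumptions for illustration; in practice the records would come from an EDR or `tasklist`/`ps` export.

```python
"""Flag unauthorized VM players launched with disk images.

Added example; the process inventory below is constructed, not real data.
Each record is (host, user, exe_path, cmdline).
"""
import re
from dataclasses import dataclass


def _norm(path: str) -> str:
    """Lower-case and use backslashes so Windows and POSIX paths compare alike."""
    return path.lower().replace("/", "\\")


# Executable names of common desktop / command-line VM players (assumption;
# extend for the products actually licensed in your environment).
VM_PLAYER_EXES = {
    "vmplayer.exe", "vmrun.exe", "vmware-vmx.exe",
    "vboxheadless.exe", "vboxmanage.exe", "virtualbox.exe",
    "qemu-system-x86_64.exe", "qemu-system-x86_64",
    "vboxheadless", "vmrun", "vmplayer",
}

# Virtual disk / VM descriptor extensions a player would be pointed at.
DISK_IMAGE_RE = re.compile(r"\S+\.(vmdk|vmx|vdi|vbox|qcow2|img|ova|ovf)\b", re.I)

# Where a legitimately installed player normally lives (assumption).
TRUSTED_DIRS = tuple(_norm(p) for p in (
    r"C:\Program Files", r"C:\Program Files (x86)",
    "/usr/bin", "/usr/lib", "/usr/local/bin",
))

# Directories a dropper would typically write an image into.
SCRATCH_SEGMENTS = ("\\temp\\", "\\appdata\\", "\\tmp\\")

# Hosts that are allowed to run a hypervisor/player at all (assumption).
APPROVED_VM_HOSTS = {"dev-ws-07"}


@dataclass
class Finding:
    host: str
    reason: str
    cmdline: str


def analyze(records, approved_hosts=APPROVED_VM_HOSTS):
    """Return one Finding per suspicious VM player process."""
    findings = []
    for host, user, exe, cmdline in records:
        name = _norm(exe).rsplit("\\", 1)[-1]
        if name not in VM_PLAYER_EXES:
            continue  # not a hypervisor/player process at all
        reasons = []
        if host not in approved_hosts:
            reasons.append("hypervisor on non-approved host")
        if not _norm(exe).startswith(TRUSTED_DIRS):
            reasons.append(f"player running from untrusted path {exe}")
        image = DISK_IMAGE_RE.search(cmdline)
        if image and any(seg in _norm(image.group(0)) for seg in SCRATCH_SEGMENTS):
            reasons.append(f"disk image in scratch directory {image.group(0)}")
        if reasons:
            findings.append(Finding(host, "; ".join(reasons), cmdline))
    return findings


# Constructed sample inventory: one legitimate player, one dropper-style
# player launched from a temp folder, one unrelated process, one player on
# a host that should not have a hypervisor at all.
SAMPLE_RECORDS = [
    ("dev-ws-07", "alice", r"C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe",
     r'"C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe" D:\VMs\ubuntu-test\ubuntu-test.vmx'),
    ("fin-ws-12", "SYSTEM", r"C:\Users\bob\AppData\Local\Temp\upd\vmrun.exe",
     r"vmrun.exe -T player start C:\Users\bob\AppData\Local\Temp\upd\img.vmx nogui"),
    ("fin-ws-12", "bob", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ("hr-ws-03", "SYSTEM", r"C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe",
     "VBoxHeadless.exe --startvm payload --vrde off"),
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_RECORDS):
        print(f"{f.host}: {f.reason}\n    {f.cmdline}")
```

Running the block against the constructed inventory reports the `fin-ws-12` player (non-approved host, untrusted path and image under `\Temp\`) and the `hr-ws-03` player (non-approved host only), while the approved developer workstation is left alone. Note what this check cannot see: once the attacker applies the process-hiding step from the list above, the player no longer appears in a host-side inventory, which is why the same logic is worth running against network-side evidence (a new MAC address or unexpected outbound VPN from a workstation) rather than the host alone.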
Category: Security