[Yugong Series] Advanced Network Security Class 036. HW Network Protection Action Attack and Defense Drill in May 2023 (capturing APT attacks with chained traps)

Foreword

A chained-trap APT attack is one in which the attacker uses several attack vectors to infiltrate the target system, which makes the attack harder to detect and contain. These vectors typically include social engineering, malware, exploits and phishing e-mails. The attacker keeps using them to launch attacks, escalate privileges and obtain sensitive data, with the ultimate aim of long-term control over the target system.

1. Background

APT (Advanced Persistent Threat), also called a targeted threat attack, refers to sustained and effective attack activity launched by an organization against a specific target. It is a comprehensive attack that combines a variety of common attack methods: not only traditional network attack techniques, but also social engineering methods that attempt to exploit human weaknesses and lapses. Compared with traditional attacks, the greatest threats posed by APT attacks are their concealment, targeting and persistence. On March 25, the XX Information Threat Intelligence Center officially released the "Global Advanced Persistent Threat (APT) 2021 Annual Report" (the "Report"), which gave a comprehensive analysis of APT activity over the past year. The "Report" holds that, at this stage, China remains the primary regional target of global APT activity, that cyber theft and sabotage continue to intensify, and that cybersecurity in the economic and technological fields faces unprecedented challenges.

2. Implementation ideas

1. Planting tainted information

Write tainted entries into the database configuration, cache configuration, interactive-server configuration and token encryption factor, each pointing at a honeypot or decoy probe. On a Linux system this mainly targets history and shade
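As an added example (not code from the original article), the following Python builds one unique decoy credential per planted location, all pointing at a honeypot, and then matches honeypot login records back to the location that was read. The honeypot address, file paths, config formats and the auth-log line format are constructed assumptions.

```python
import random
import re
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class Decoy:
    planted_in: str   # config file or history file the bait text is written to
    kind: str         # db / cache / api / shell
    user: str
    secret: str       # unique per decoy, so a hit traces back to planted_in
    rendered: str     # the text to write into planted_in

def plant_decoys(honeypot_host, seed=None):
    """Build one decoy credential per location, all pointing at the honeypot.
    seed is only for reproducible tests; real deployments use SystemRandom."""
    rng = random.SystemRandom() if seed is None else random.Random(seed)
    alphabet = string.ascii_letters + string.digits
    token = lambda n: "".join(rng.choice(alphabet) for _ in range(n))
    # Constructed locations and formats; adapt them to the real application.
    templates = [
        ("/opt/app/config/database.yml", "db", "db_host: {h}\ndb_user: {u}\ndb_pass: {s}"),
        ("/opt/app/config/cache.conf", "cache", "redis_url: redis://{u}:{s}@{h}:6379/0"),
        ("/opt/app/config/gateway.json", "api", '{{"api_host": "{h}", "api_user": "{u}", "api_key": "{s}"}}'),
        ("/home/ops/.bash_history", "shell", "mysql -h {h} -u {u} -p{s} prod"),
    ]
    decoys = []
    for path, kind, tmpl in templates:
        user, secret = f"svc_{kind}_{token(4).lower()}", token(20)
        decoys.append(Decoy(path, kind, user, secret, tmpl.format(h=honeypot_host, u=user, s=secret)))
    return decoys

# Constructed honeypot auth-log line format: "<ts> auth user=<u> secret=<s> src=<ip>"
LOG_RE = re.compile(r"auth user=(\S+) secret=(\S+) src=(\S+)")

def match_decoy_use(log_lines, decoys):
    """Return (planted_in, kind, src_ip) for each honeypot login that presents a
    planted credential: any hit proves that decoy location was read."""
    by_secret = {d.secret: d for d in decoys}
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        d = by_secret.get(m.group(2))
        if d is not None and d.user == m.group(1):
            hits.append((d.planted_in, d.kind, m.group(3)))
    return hits
```

Because every secret is distinct, a single honeypot login tells the defender which planted file the intruder read and from which source address, which is the attribution the chained-trap approach relies on.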


Source: blog.csdn.net/aa2528877987/article/details/130657075