Reconnaissance defines how the Threat Group gathers information prior to and during the computer network operations they
engage in. This may be through open source research, scanning, the Web, the theft of intellectual property, or human sources.
Regular log collection is critical for understanding the nature of security incidents during an active investigation and in post
mortem analysis. AcuteNet has effective audit logging in place. Events captured in the audit log include:
At AcuteNet we have developed a unique built-in system of application logging. The details logged for
each application event capture the following:
To prevent attackers from hiding their activities, strong access control is configured around audit logs to limit the number of accounts that can view or modify audit logs.
Leveraging the power of Open Source technologies, AcuteNet has implemented a 24×7 monitoring system. Monitoring alerts the infrastructure team in real time in case of any suspicious activity or service errors or warnings. This includes but is not limited to: account changes, account privilege assignment, password changes, application failures, environment application failures, and suspicious network or disk activity.
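As an added illustration of the event categories the monitoring paragraph lists (example code written for this page, not AcuteNet's monitoring system), the following Python scans RHEL-style `/var/log/secure` lines and flags account changes, privilege-group assignments, password changes, and sudo access to the audit log directory that the previous paragraph says must be restricted. The log lines, host name, and user name are constructed samples.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in the style of RHEL /var/log/secure; not real AcuteNet data.
SAMPLE_LOG = """\
Mar 10 12:01:02 web1 useradd[1234]: new user: name=deploy, UID=1001, GID=1001, home=/home/deploy, shell=/bin/bash
Mar 10 12:02:10 web1 usermod[1240]: add 'deploy' to group 'wheel'
Mar 10 12:03:15 web1 passwd[1250]: pam_unix(passwd:chauthtok): password changed for deploy
Mar 10 12:04:00 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/cat /var/log/audit/audit.log
Mar 10 12:05:00 web1 sshd[1300]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2
"""

# Each rule maps a regex over the message part of a line to one of the event
# categories the text lists (account change, privilege assignment, password
# change), plus reads of the audit logs themselves via sudo. Only membership
# in an administrative group (wheel/sudo/root) counts as privilege assignment.
RULES = [
    ("account_change",       re.compile(r"^(useradd|userdel)\[\d+\]: (new user: name=|delete user ')(?P<user>[\w.-]+)")),
    ("privilege_assignment", re.compile(r"^usermod\[\d+\]: add '(?P<user>[\w.-]+)' to group '(?P<group>wheel|sudo|root)'")),
    ("password_change",      re.compile(r"^passwd\[\d+\]: pam_unix\(passwd:chauthtok\): password changed for (?P<user>[\w.-]+)")),
    ("audit_log_access",     re.compile(r"^sudo:\s+(?P<user>[\w.-]+) : .*COMMAND=\S+ .*/var/log/audit/")),
]

# syslog-style prefix: "Mon DD HH:MM:SS host message"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


def classify_line(line: str) -> Optional[Dict[str, str]]:
    """Return an alert dict for a monitored event, or None for benign/unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    for category, rule in RULES:
        hit = rule.match(m.group("msg"))
        if hit:
            return {"ts": m.group("ts"), "host": m.group("host"),
                    "category": category, "user": hit.group("user")}
    return None


def scan_log(text: str) -> List[Dict[str, str]]:
    """Run every line through the rules; the result is the set of events to alert on."""
    return [a for a in map(classify_line, text.splitlines()) if a]


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['ts']} {a['host']} {a['category']:22} user={a['user']}")
```

The routine login on the last sample line produces no alert, which is the intended behaviour: only the categories named in the text are escalated.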
This step is used to capture useful information about the development of infrastructure and tools behind operations.
To provide the highest level of information security, AcuteNet is using the Dell Private Cloud solution. Dell and its associated services are constantly audited using industry standards such as ISO 27001 certification and SOC 2 and SOC 3 Type II audits. These are the most widely recognized, internationally accepted, and independent security compliance audits.
In addition to using Dell Private Cloud’s robust security architecture, AcuteNet’s application security architecture provides for multilayer encryption. This enables AcuteNet’s customers to take full advantage of cloud computing and Software as a Service (SaaS) innovation in both online and offline mode through the following design framework:
This combination of security and privacy leads to a strong ecosystem that keeps customer information safe.
Weaponization describes the “coupling of a remote access Trojan with an exploit into a deliverable payload.” This is often done through an automated tool commonly called a “weaponizer,” but sometimes referred to as a “builder.” These “weaponizer” frameworks are often detectable by artifacts left within the files.
LAMP is an archetypal model of web service solution stacks, named as an acronym of the names of its original four open-source components: the Linux operating system, the Apache HTTP Server, the MySQL relational database management system (RDBMS), and the PHP programming language. Using the LAMP technology stack in combination with Open Source solutions and a Privacy by Design implementation, AcuteNet is effectively protected from attacks such as cross-site scripting, injection, local or remote file inclusion, arbitrary code execution, or any weaponized code used to penetrate potential openings in an application. To achieve this, AcuteNet follows LAMP security guidelines and technology standards such as:
Red Hat Enterprise Linux is used on all AcuteNet platforms. It provides the stability and security needed to confidently deploy AcuteNet solutions.
This step describes the transmission of the tools into the victim organization. The most common forms of delivery are Scan&Exploit, Credential-Access, Spearphish, Web-Delivery, or Physical delivery.
AcuteNet is using security controls to prevent data loss, leakage, or unauthorized access to sensitive or restricted data through the following:
Exploitation describes the methods used to execute the malicious code. This step details whether the adversary uses new 0-days, appears to acquire 0-days and exploits second-hand, or relies upon social engineering to trick users. It may be possible to describe this step in greater detail with specifics.
To reduce the risk of Zero-Day vulnerabilities, AcuteNet performs the following activities:
Installation describes the methods and artifacts left behind by the actor while implanting malicious code on compromised systems. These artifacts can include notable aspects of the installation, and unique installation tools.
The measures to ensure the information security of AcuteNet systems include but are not limited to the following:
Command and Control describes the methods used to interact with compromised resources left within the organization. This activity extends beyond communicating with implants to include hosts used to login with collected credentials, as exfiltration end points, and to interact with web shells. Additionally, hands-on-keyboard activity is often performed from different endpoints than the IP addresses used as call back addresses in RATs. Specific ports, domain names and IP addresses, traffic patterns, and custom protocols used in the interaction with those RATs are all indicators that are descriptive of this stage of the kill chain.
AcuteNet has adopted the Access Control practice to ensure that only authorized users perform command and control procedures. Because restricting access alone is not enough to stop a user from misbehaving, AcuteNet performs additional steps to better administer user accounts, control access, and watch for signs of inappropriate access behavior:
Depersonalization of personal identification information by removing and/or encrypting user-defined sensitive data
Both encrypted and decrypted data are accessible only by the AcuteNet application
A consistent and easy to use method to access and analyze data from a single view will make decisions more timely and accurate leading to higher quality care
AcuteNet™ Software as a Service Products are designed to be re-used, re-purposed, and re-positioned to the specific needs of customers while providing customers with the financial benefits of cloud computing with the highest standards for security and protection of sensitive information.