Dissecting targeted attacks

CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

The sharing of personal information over the Internet has been a huge driver for targeted attacks, which are designed to steal highly sensitive corporate information. According to the article, “Surviving today’s targeted attacks,” hackers who once sought fame and notoriety are now motivated by money. Targeted attacks go after the most valuable corporate data, including source code, future product information, third-party data, executives’ emails and customer information. Stefan Tanase, senior security researcher at Kaspersky Lab, said there are four steps cyber criminals take in executing a targeted attack:

  1. Profile the target:
    The first step is profiling the employees and choosing the most vulnerable targets. Reconnaissance is done via social networks, mailing list posts, and public presentations. Employees with no access to money are still worth targeting: their machines can be enrolled in botnets, used to launch denial-of-service attacks, or harvested for passwords.
  2. Create unique malware:
    The second step is to develop new, unique malware. It doesn’t need to bypass every antivirus product, only the one the intended victim is running. In the first quarter of 2010, Kaspersky Lab had a total of 36.2 million unique malicious files in its collection. That’s a significant jump from the two million unique malware programs collected in total from 1992 to 2007.
  3. Social engineering:
    Hackers use social engineering to get the victim to click on a link, which delivers the initial exploit and gives the attacker a foothold from which to gain control and maintain access. Getting someone on the inside to click is the key: corporate networks are usually hardened against direct attack from outside, so the malware has to be dropped onto the victim’s machine from within.
  4. Getting the goods:
    The attackers then pick a server in an overseas office to serve as an internal drop. Stolen data is quickly moved across the corporate WAN or intranet to that internal drop, and then moved all at once to an external drop server. Even if the outbound traffic is monitored, by the time it is noticed it may be too late to react.
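Step 4 describes a pattern a network defender can look for before the final transfer happens: one internal host quietly receives data from many internal peers, then ships a comparable volume to a single external address. The following detection logic is an added example, not code from the original post or from CoreTrace. It runs over constructed flow records in an assumed "timestamp,src_ip,dst_ip,bytes" format, treats the RFC 1918 ranges as the corporate network, and uses illustrative thresholds; all of those are assumptions for this example.

```python
"""Flag the 'internal drop, then bulk egress' pattern in flow records.

Assumptions (not from the original post): flow records are CSV lines
"timestamp,src_ip,dst_ip,bytes"; RFC 1918 ranges are the corporate network;
the thresholds below are illustrative. The sample flows are constructed.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: 10.20.0.5 plays the overseas office server used as a
# drop. Five workstations push data to it over the WAN, then it sends the
# whole haul to one external host in a single burst. One malformed line and
# some ordinary traffic are included to show they are ignored.
SAMPLE_FLOWS = """\
2010-06-01T01:00:00,bad record
2010-06-01T01:02:00,10.1.1.10,10.1.1.50,20480
2010-06-01T01:05:00,10.1.1.11,10.20.0.5,734003200
2010-06-01T01:07:00,10.1.1.12,10.20.0.5,524288000
2010-06-01T01:09:00,10.1.1.13,10.20.0.5,629145600
2010-06-01T01:10:00,10.1.1.14,10.20.0.5,419430400
2010-06-01T01:12:00,10.1.1.15,10.20.0.5,314572800
2010-06-01T01:20:00,10.1.1.10,198.51.100.20,4096
2010-06-01T02:30:00,10.20.0.5,203.0.113.9,2621440000
"""

# Illustrative thresholds; tune to the environment's normal transfer sizes.
STAGING_MIN_SOURCES = 3       # distinct internal senders feeding one host
STAGING_MIN_BYTES = 1 << 30   # 1 GiB aggregated inbound from inside
EGRESS_MIN_BYTES = 1 << 30    # 1 GiB to a single external destination

INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    """True if the address falls in an RFC 1918 range (assumed corporate)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str):
    """Yield (src, dst, bytes) from CSV flow lines, skipping malformed ones."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue
        _ts, src, dst, nbytes = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            yield src, dst, int(nbytes)
        except ValueError:
            continue


def find_internal_drops(flows):
    """Internal hosts that aggregate a large volume from many internal peers."""
    inbound = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for src, dst, nbytes in flows:
        if is_internal(src) and is_internal(dst):
            inbound[dst]["sources"].add(src)
            inbound[dst]["bytes"] += nbytes
    return {host for host, agg in inbound.items()
            if len(agg["sources"]) >= STAGING_MIN_SOURCES
            and agg["bytes"] >= STAGING_MIN_BYTES}


def find_bulk_egress(flows):
    """(internal host, external host) pairs moving a large volume outward."""
    egress = defaultdict(int)
    for src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            egress[(src, dst)] += nbytes
    return {pair for pair, total in egress.items() if total >= EGRESS_MIN_BYTES}


def detect_exfil_chain(text: str):
    """Sorted (drop_host, external_host) pairs where a staging host is also
    the source of a bulk outbound transfer."""
    flows = list(parse_flows(text))
    drops = find_internal_drops(flows)
    return sorted((src, dst) for src, dst in find_bulk_egress(flows)
                  if src in drops)


if __name__ == "__main__":
    for drop, external in detect_exfil_chain(SAMPLE_FLOWS):
        print(f"ALERT: {drop} staged data internally, then sent it in bulk to {external}")
```

The staging check is the one worth alerting on early: by the time the egress rule fires, the data is already leaving, which is the point Tanase makes about monitoring being too late. Running `find_internal_drops` on its own over recent internal flows gives a list of hosts to investigate before the external transfer starts.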

Targeted attacks work differently than typical malware attacks. Cyber criminals no longer have to play the numbers game to get a small percentage of users to click on bad emails. By focusing on individuals from specific corporations, Tanase said they’re much more efficient at obtaining the information they’re seeking.

“One e-mail is enough; the cyber criminals don’t need to send tens of thousands. Tracking these attacks is also difficult, as targeted companies are seldom eager to share the attacks and details, making it hard to get samples for analysis. These attacks stay under the radar.”

Unfortunately, today’s targeted attacks pose a greater threat to company security. As cyber criminals focus on specific corporate information, Ryan Rubin, associate director at Protiviti, a global consulting and internal audit firm that specializes in risk and advisory services, said the stakes are much higher because a successful attack could result in the theft of intellectual property or corporate espionage.

“Security threats, vulnerabilities and privacy exposures challenge every organization today, creating risks that can result in a range of issues, including revenue loss and reputation damage, if they’re not managed proactively. For most businesses, such intangible assets as customers, systems and information provide the foundation for corporate value, so businesses that don’t address their information security and privacy risks are taking a tremendous gamble with their very livelihood.”

Defending a network against targeted attacks is more complicated because malware written for a single victim has not been seen before, so there is no signature for it; signature-based antivirus solutions are useless against it. Because of this, corporations need to take a proactive approach to ensure these and other highly sophisticated malware threats do not execute in the first place. As organizations are forced to defend their networks from targeted attacks that take advantage of every known and unknown vulnerability in their systems, it’s critical to have a solution such as application whitelisting that prevents any unauthorized application or malicious code from executing, no matter how it enters the system.
