Express Computer
Home  »  archive  »  Rise in targeted attacks

Rise in targeted attacks

0 95

Amit Nath Country Manager India and SAARC Trend Micro said “The number of targeted attacks has dramatically increased. Unlike largely indiscriminate attacks that focus on stealing credit card and banking information associated with cybercrime, targeted attacks noticeably differ and are better characterized as cyber espionage. Highly targeted attacks are computer intrusions threat actors’ stage in order to aggressively pursue and compromise specific targets, often leveraging social engineering, in order to maintain persistent presence within the victim’s network so they can move laterally and extract sensitive information.”

He added “In a typical targeted attack, a target receives a contextually relevant e-mail that encourages a potential victim to click a link or open a file. The links and files the attackers send contain malicious code that exploits vulnerabilities in popular software.”

The exploits’ payload is a malware that is silently executed on the target’s computer. This exploitation allows the attackers to take control of and obtain data from the compromised computer. In other cases, the attackers send disguised executable files, usually compressed in archives that, if opened, also compromise the target’s computer. The malware connects back to command-and-control (C&C) servers under the attackers’ control from which they can command the compromised computer to download additional malware and tools that allow them to move laterally throughout the target’s network. These attacks are, however, not isolated smash-and-grab incidents but are part of consistent campaigns that aim to establish covert presence in a target’s network so that information can be extracted as needed. Targeted attacks are rarely isolated events. In fact, they are constant. It is more useful to think of them as campaigns—a series of failed and successful attempts to compromise a target’s network over a certain period of time. The attackers, in fact, often keep track of the different attacks within a campaign in order to determine which individual attack compromised a specific victim’s network. As the attackers learn more about their targets from open source research—relying on publicly available information, as well as previous attacks, the specificity of the attacks may sharply increase.

Targeted attacks have been extremely successful, making the scope of the problem truly global. These have been affecting governments, militaries, defense industries, high-technology companies, intergovernmental organizations, non-governmental organizations (NGOs), media organizations, academic institutions, and activists worldwide. Targeted attacks are not isolated smash-and-grab incidents. They are part of consistent campaigns that aim to establish persistent, covert presence in a target’s network so that information can be extracted as needed. Targeted attacks may not be easy to understand but careful monitoring allows researchers to leverage the mistakes attackers make to get a glimpse inside their operations. Moreover, we can track cyber-espionage campaigns over time using a combination of technical and contextual indicators.

In the course of our research, we discovered that it had a much more diverse target set than previously thought. Not only did the attackers target military research institutions in India, as earlier disclosed by Symantec, they also targeted sensitive entities in Japan and India as well as Tibetan activists. They used a diversity of infrastructure as well, ranging from throw-away free-hosting sites to dedicated VPSs. We also found that the Luckycat campaign can be linked to other campaigns as well. The people behind it used or provided infrastructure for other campaigns that has also been linked to past targeted attacks such as the ShadowNet campaign. Understanding the attack tools, techniques, and infrastructure used in the Luckycat campaign as well as how an individual incident is related to a broader campaign provides the context necessary for us to assess its impact and come up with defensive strategies in order to protect our customers.

Targeted attacks that exploit vulnerabilities in popular software in order to compromise specific target sets are becoming increasingly commonplace. These attacks are not automated and indiscriminate nor are they conducted by opportunistic amateurs. These computer intrusions are staged by threat actors that aggressively pursue and compromise specific targets. Such attacks are typically part of broader campaigns, a series of failed and successful compromises, by specific threat actors and not isolated attacks. The objective of the attacks is to obtain sensitive data. Targeted attacks remain a high priority threat that is difficult to defend. These attacks leverage social engineering and malware that exploits vulnerabilities in popular software to slip past traditional defenses. While such attacks are often seen as isolated events, they are better conceptualized as campaigns, or a series of failed and successful intrusions. Once inside the network, the attackers are able to move laterally in order to target sensitive information for ex-filtration. The impact of successful attacks can be severe and any data obtained by the attackers can be used in future, more precise attacks. However, defensive strategies can be dramatically improved by understanding how targeted attacks work as well as trends in the tools, tactics and procedures of the perpetrators. Since such attacks focus on the acquisition of sensitive data, strategies that focus on protecting the data itself, wherever it resides, are extremely important components of defense. By effectively using threat intelligence derived from external and internal sources combined with context-aware data protection and security tools that empower and inform human analysts, organizations are better positioned to detect and mitigate targeted attacks.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image