Phishing attacks and links to malware appear in millions of emails every day. But a very tiny proportion, or 0.01 percent of all malware, comprises targeted attacks. Given that targeted attacks account for such a small percentage of malware, should we be concerned?
Here are some typical characteristics of a targeted attack. These will help you decide whether they’re something to be concerned about:
The malware file is sent to a very small number of victims, often only one. Thus there is little or no chance of detecting it using signature-based antivirus techniques. Unless the victim realized the file contained malware, and sent it to their antivirus company, there is no one else in the world that has a sample that can be used to create a signature.
The malware file is often a file traditionally thought of as a data file, such as a PDF or DOC file. This has two effects. Firstly, such files pass through email gateways, because most businesses send and receive such files all the time. Secondly, people are used to considering these files as safe, and so can be easily persuaded to open them.
These data files are crafted to cause some problem with the application that opens them. Typically this problem will cause code to execute, not from the known and trusted application itself, but code buried in the data file. Once this happens, it is "game over" for the computer because the attacker can cause any code they like to be run.
The most common way the attack now proceeds is for a small EXE file hidden inside the data file to be decoded and then executed. This EXE file then goes out to the Internet and downloads further components. The attacker now has control over the target computer.
A targeted attack is comparatively expensive to assemble. A one-off piece of malware has been used that is technically difficult to create. The attack itself is often well researched, with complex social engineering to a selected person in the target organization.
Lastly, the organizations selected for this type of attack are mostly well known, large companies or smaller technical companies -- in other words, companies with information that is worth stealing.
It is my contention then, that these targeted attacks are a form of industrial espionage. The computers are compromised so that the attacker can penetrate a corporate network and steal confidential data that is funneled back through the Internet to the attacker.
Although it may seem like a small number, 100 attacks each day is actually a significant cause for concern. The likelihood is that major companies that have not detected any targeted attacks over the last few years have already been attacked and compromised without even knowing it.
— Alex Shipp, Senior Anti-Virus Technologist, MessageLabs
There's a interesting discussion going on in this article about what's keeping our money offline. It relates to security and attacks, I'm sure you can find something useful.
I have definitely noticed this on one of the computers at the office. We are having to format it and start over due to performance degradation.
Not sure if it was a targeted attack or not, but certainly has been having issues lately! Regarding corporate level attacks, agreed, the signs are more complex. Thanks to Alex for bringing this issue to the forefront. We are looking at security from a new (additional) perspective in an effort to consider these ideas.
Well, I don't know much about attacks on a corporate level - servers, networks, since it's the signs are more complex.
But in your personal computer, you can notice signs when your computer starts to slow down (there are a lot of tools to analyze the processes currently running), your internet connection might also start to slow down.
I used to think that anyone smart enough to hack into my information would not waste their time on small potatoes like me, that they would more likely go after nasa or the pentagon or some really lucrative source of data like finance companies, etc. But with all the media traffic about identity theft and the like, it is no far stretch to believe that phishing with a spear could come after a company.
I appreciate you bringing to light the methodology of these attacks. Every IT department has some staffers who have experienced the inconvenience of this to some point, whether it be a virus that got loose and infected the network, or by an attack yet unrecognized by the IT pros within the company.
I agree with Mr. Whyte that education will go a long way toward curbing the effectiveness of these attacks. I hope that there is a solution offered here someplace, though, as it sounds like I may be attacked at any moment and not know it has happened.
Are there any warning signs that may posthumously show I have been attacked? What are the steps beyond education to attack proof my company and others from this malware malice?
Educating folks on how to identify these attcks will be the key to curbing this growing threat. Whilst we may put in place additional security measures by way of technology, teaching folks on how to recognize these attacks in their various forms and shades will be the most effective method. I do still agree with the IRS that 'human factor' is still the key to counterracting these attacks.
Identifying a common trend and /or denominator of these attacks would certainly not be easy since each is being taylor-made for a specific victim but one needs to have 'common sense' on basic issues. Take an example of this direct attacks on some CEOs:
Common sense of legal issues will definitely tells me that a court would not issue a subpoena via email no matter how expedite the matter is. I know it may not be as clear cut as this is but i still believe underneath these phishing emails there is always a caveat to detect that something is just fundamentally suspicious!!!
Interesting argument. I've read a few articles and a book or two about social engineering - which I believe goes towards what you are saying.
Sometimes it's easier for attacker to use those strategies than to spend all their efforts in trying to overcome computer networks, security, firewalls, etc.
And how much industrial espionage is there? Actually, I'm sure there's a lot, especially because companies are so loath to admit they've been attacked -- much less engage in it themselves. I was a member of the Society of Competitive Intelligence Professionals -- corporate spies -- and a jolly bunch they were too. One of their key messages was that you didn't have to do anything illegal to find out way more than any target imagined was available -- just by putting stuff together. Ask a direct question of a few different low-level employees, and each of them will tell you enough so you can put the whole puzzle together. The Chinese government excels at this (yes, a good chunk of all industrial espionage is done by governments, including ours.)
So in terms of resource allocation, it makes much more economic sense to make all employees aware of the value of the company's information, then to try to deal with the no doubt real but expensive if not impossible to combat targeted attack.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
The smartphone market reached a significant milestone, a breakthrough that may cause vendors to celebrate but could strain the capabilities of IT service desks.
In the fall of 2011, around 160,000 students in 190 countries enrolled in a Stanford-sponsored online course about artificial intelligence. About 23,000 completed the course and got certificates, including 248 who got a perfect score. The university offered the same course the old-fashioned way to students sitting in Stanford classrooms. None of the those students got a perfect score.
As Mitch Wagner discussed today, Yahoo is acquiring Tumblr. The big Internet debate at the moment is whether Tumblr will be good or bad for Yahoo. Regardless of their stances on the future of Yahoo itself, many claim that Yahoo will somehow ruin Tumblr.
Has China stolen a march on the West, developing an Internet architecture that is not only based on IPv6, but is also inherently secure from both internal and external attack?
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Ushering in a new era of cognitive computing systems, IBM announced today the IBM Watson Engagement Advisor, a technology breakthrough that allows brands to crunch big data in record time to transform the way they engage clients in key functions such as customer service, marketing, and sales.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
