The Macrosite for News, Analysis and Opinion about the Future of the Internet
Alex Shipp

Identifying a Targeted Attack

Written by Alex Shipp
6/17/2008 7 comments

Phishing attacks and links to malware appear in millions of emails every day. But only a very tiny proportion, around 0.01 percent of all malware, consists of targeted attacks. Given that targeted attacks account for such a small percentage of malware, should we be concerned?

Here are some typical characteristics of a targeted attack. These will help you decide whether they’re something to be concerned about:

  • The malware file is sent to a very small number of victims, often only one. Thus there is little or no chance of detecting it using signature-based antivirus techniques. Unless the victim realized the file contained malware, and sent it to their antivirus company, there is no one else in the world that has a sample that can be used to create a signature.

  • The malware file is often a file traditionally thought of as a data file, such as a PDF or DOC file. This has two effects. Firstly, such files pass through email gateways, because most businesses send and receive such files all the time. Secondly, people are used to considering these files as safe, and so can be easily persuaded to open them.

  • These data files are crafted to trigger a flaw in the application that opens them. Typically the result is that code executes, not the code of the known and trusted application itself, but code buried in the data file. Once this happens, it is "game over" for the computer, because the attacker can cause any code they like to be run.

The most common way the attack now proceeds is for a small EXE file hidden inside the data file to be decoded and then executed. This EXE file then goes out to the Internet and downloads further components. The attacker now has control over the target computer.
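As an added example (not code from the original post), here is a small defender-side scanner for the pattern just described: it looks for a Windows PE header inside a document attachment, both as stored and under every single-byte XOR key, since the embedded EXE is often lightly encoded before being dropped and run. The PDF skeleton and the PE stub below are constructed for the demonstration, not taken from any real attack.

```python
import struct

def find_pe(data: bytes) -> list[int]:
    """Offsets where an 'MZ' stub's e_lfanew field (DWORD at +0x3C) points
    at a 'PE\\0\\0' signature inside the same buffer."""
    hits, start = [], 0
    while (off := data.find(b"MZ", start)) >= 0:
        if off + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
            sig = off + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and data[sig:sig + 4] == b"PE\0\0":
                hits.append(off)
        start = off + 1
    return hits

def scan_attachment(data: bytes) -> list[tuple[int, int]]:
    """Return (xor_key, offset) pairs for each embedded PE found; key 0 means
    the executable is stored unencoded. Trying all 256 single-byte keys
    catches the lightest 'decode then execute' schemes."""
    findings = []
    for key in range(256):
        table = bytes(i ^ key for i in range(256))
        findings += [(key, off) for off in find_pe(data.translate(table))]
    return findings

def build_pe_stub() -> bytes:
    """Constructed minimal PE header: 'MZ', e_lfanew = 0x40, then 'PE\\0\\0'.
    Not a runnable program, just the two signatures a scanner keys on."""
    stub = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", stub, 0x3C, 0x40)
    return bytes(stub) + b"PE\0\0" + b"\0" * 20

# Constructed samples: a harmless PDF skeleton, and the same skeleton with the
# stub appended after XOR-encoding it with the single-byte key 0x5A.
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
KEY = 0x5A
SAMPLE_MALICIOUS = (SAMPLE_CLEAN
                    + bytes(b ^ KEY for b in build_pe_stub())
                    + b"\n%%EOF\n")

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_MALICIOUS)):
        hits = scan_attachment(blob)
        verdict = "embedded PE" if hits else "no embedded PE"
        print(f"{name}: {verdict} {[(hex(k), off) for k, off in hits]}")
```

Flagging an attachment this way needs no prior sample of the malware, which is exactly the gap signature-based antivirus leaves for one-off files.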

A targeted attack is comparatively expensive to assemble. It uses a one-off piece of malware that is technically difficult to create. The attack itself is often well researched, with complex social engineering aimed at a selected person in the target organization.

Lastly, the organizations selected for this type of attack are mostly well known, large companies or smaller technical companies -- in other words, companies with information that is worth stealing.

It is my contention, then, that these targeted attacks are a form of industrial espionage. The computers are compromised so that the attacker can penetrate a corporate network and steal confidential data, which is funneled back through the Internet to the attacker.

Although it may seem like a small number, 100 attacks each day is actually a significant cause for concern. The likelihood is that major companies that have not detected any targeted attacks over the last few years have already been attacked and compromised without even knowing it.

— Alex Shipp, Senior Anti-Virus Technologist, MessageLabs

Mr. Roques
Researcher
Thursday June 19, 2008 10:37:17 AM
There's an interesting discussion going on in this article about what's keeping our money offline. It relates to security and attacks; I'm sure you can find something useful.
cjon316
IQ Crew
Thursday June 19, 2008 7:46:25 AM

I have definitely noticed this on one of the computers at the office. We are having to format it and start over due to performance degradation.

Not sure if it was a targeted attack or not, but certainly has been having issues lately! Regarding corporate level attacks, agreed, the signs are more complex. Thanks to Alex for bringing this issue to the forefront. We are looking at security from a new (additional) perspective in an effort to consider these ideas.


Mr. Roques
Researcher
Wednesday June 18, 2008 6:11:31 PM

Well, I don't know much about attacks on a corporate level (servers, networks), since the signs are more complex.

But in your personal computer, you can notice signs when your computer starts to slow down (there are a lot of tools to analyze the processes currently running), your internet connection might also start to slow down.

cjon316
IQ Crew
Wednesday June 18, 2008 4:16:36 PM

I used to think that anyone smart enough to hack into my information would not waste their time on small potatoes like me, that they would more likely go after NASA or the Pentagon or some really lucrative source of data like finance companies, etc. But with all the media traffic about identity theft and the like, it is no far stretch to believe that phishing with a spear could come after a company.

I appreciate you bringing to light the methodology of these attacks. Every IT department has some staffers who have experienced the inconvenience of this to some point, whether it be a virus that got loose and infected the network, or by an attack yet unrecognized by the IT pros within the company.

I agree with Mr. Whyte that education will go a long way toward curbing the effectiveness of these attacks. I hope that there is a solution offered here someplace, though, as it sounds like I may be attacked at any moment and not know it has happened.

Are there any warning signs that may posthumously show I have been attacked? What are the steps beyond education to attack proof my company and others from this malware malice?

Thanks Alex for the enlightening post. 

Paul Whyte
Researcher
Wednesday June 18, 2008 11:40:20 AM

Hi Alex,

Educating folks on how to identify these attacks will be the key to curbing this growing threat. Whilst we may put in place additional security measures by way of technology, teaching folks how to recognize these attacks in their various forms and shades will be the most effective method. I do still agree with the IRS that the 'human factor' is still the key to counteracting these attacks.

Identifying a common trend and/or denominator of these attacks would certainly not be easy, since each is being tailor-made for a specific victim, but one needs to have 'common sense' on basic issues. Take as an example these direct attacks on some CEOs:

Corporate Suits Targeted In Spear Phishing Attack!

Common sense about legal issues definitely tells me that a court would not issue a subpoena via email, no matter how urgent the matter is. I know it may not be as clear cut as this, but I still believe that underneath these phishing emails there is always a caveat to detect that something is just fundamentally suspicious!!!

no ratings

Interesting argument. I've read a few articles and a book or two about social engineering - which I believe goes towards what you are saying.

Sometimes it's easier for an attacker to use those strategies than to spend all their efforts trying to overcome computer networks, security, firewalls, etc.

no ratings

And how much industrial espionage is there? Actually, I'm sure there's a lot, especially because companies are so loath to admit they've been attacked -- much less engage in it themselves. I was a member of the Society of Competitive Intelligence Professionals -- corporate spies -- and a jolly bunch they were too. One of their key messages was that you didn't have to do anything illegal to find out way more than any target imagined was available -- just by putting stuff together. Ask a direct question of a few different low-level employees, and each of them will tell you enough so you can put the whole puzzle together. The Chinese government excels at this (yes, a good chunk of all industrial espionage is done by governments, including ours.)

So in terms of resource allocation, it makes much more economic sense to make all employees aware of the value of the company's information than to try to deal with the no doubt real, but expensive if not impossible to combat, targeted attack.
