Phishing attacks and links to malware appear in millions of emails every day. But a very tiny proportion, or 0.01 percent of all malware, comprises targeted attacks. Given that targeted attacks account for such a small percentage of malware, should we be concerned?
Here are some typical characteristics of a targeted attack. These will help you decide whether they’re something to be concerned about:
The malware file is sent to a very small number of victims, often only one. Thus there is little or no chance of detecting it using signature-based antivirus techniques. Unless the victim realized the file contained malware, and sent it to their antivirus company, there is no one else in the world that has a sample that can be used to create a signature.
The malware file is often a file traditionally thought of as a data file, such as a PDF or DOC file. This has two effects. Firstly, such files pass through email gateways, because most businesses send and receive such files all the time. Secondly, people are used to considering these files as safe, and so can be easily persuaded to open them.
These data files are crafted to cause some problem with the application that opens them. Typically this problem will cause code to execute, not from the known and trusted application itself, but code buried in the data file. Once this happens, it is "game over" for the computer because the attacker can cause any code they like to be run.
The most common way the attack now proceeds is for a small EXE file hidden inside the data file to be decoded and then executed. This EXE file then goes out to the Internet and downloads further components. The attacker now has control over the target computer.
A targeted attack is comparatively expensive to assemble. A one-off piece of malware has been used that is technically difficult to create. The attack itself is often well researched, with complex social engineering to a selected person in the target organization.
Lastly, the organizations selected for this type of attack are mostly well known, large companies or smaller technical companies -- in other words, companies with information that is worth stealing.
It is my contention then, that these targeted attacks are a form of industrial espionage. The computers are compromised so that the attacker can penetrate a corporate network and steal confidential data that is funneled back through the Internet to the attacker.
Although it may seem like a small number, 100 attacks each day is actually a significant cause for concern. The likelihood is that major companies that have not detected any targeted attacks over the last few years have already been attacked and compromised without even knowing it.
— Alex Shipp, Senior Anti-Virus Technologist, MessageLabs
There's a interesting discussion going on in this article about what's keeping our money offline. It relates to security and attacks, I'm sure you can find something useful.
I have definitely noticed this on one of the computers at the office. We are having to format it and start over due to performance degradation.
Not sure if it was a targeted attack or not, but certainly has been having issues lately! Regarding corporate level attacks, agreed, the signs are more complex. Thanks to Alex for bringing this issue to the forefront. We are looking at security from a new (additional) perspective in an effort to consider these ideas.
Well, I don't know much about attacks on a corporate level - servers, networks, since it's the signs are more complex.
But in your personal computer, you can notice signs when your computer starts to slow down (there are a lot of tools to analyze the processes currently running), your internet connection might also start to slow down.
I used to think that anyone smart enough to hack into my information would not waste their time on small potatoes like me, that they would more likely go after nasa or the pentagon or some really lucrative source of data like finance companies, etc. But with all the media traffic about identity theft and the like, it is no far stretch to believe that phishing with a spear could come after a company.
I appreciate you bringing to light the methodology of these attacks. Every IT department has some staffers who have experienced the inconvenience of this to some point, whether it be a virus that got loose and infected the network, or by an attack yet unrecognized by the IT pros within the company.
I agree with Mr. Whyte that education will go a long way toward curbing the effectiveness of these attacks. I hope that there is a solution offered here someplace, though, as it sounds like I may be attacked at any moment and not know it has happened.
Are there any warning signs that may posthumously show I have been attacked? What are the steps beyond education to attack proof my company and others from this malware malice?
Educating folks on how to identify these attcks will be the key to curbing this growing threat. Whilst we may put in place additional security measures by way of technology, teaching folks on how to recognize these attacks in their various forms and shades will be the most effective method. I do still agree with the IRS that 'human factor' is still the key to counterracting these attacks.
Identifying a common trend and /or denominator of these attacks would certainly not be easy since each is being taylor-made for a specific victim but one needs to have 'common sense' on basic issues. Take an example of this direct attacks on some CEOs:
Common sense of legal issues will definitely tells me that a court would not issue a subpoena via email no matter how expedite the matter is. I know it may not be as clear cut as this is but i still believe underneath these phishing emails there is always a caveat to detect that something is just fundamentally suspicious!!!
Interesting argument. I've read a few articles and a book or two about social engineering - which I believe goes towards what you are saying.
Sometimes it's easier for attacker to use those strategies than to spend all their efforts in trying to overcome computer networks, security, firewalls, etc.
And how much industrial espionage is there? Actually, I'm sure there's a lot, especially because companies are so loath to admit they've been attacked -- much less engage in it themselves. I was a member of the Society of Competitive Intelligence Professionals -- corporate spies -- and a jolly bunch they were too. One of their key messages was that you didn't have to do anything illegal to find out way more than any target imagined was available -- just by putting stuff together. Ask a direct question of a few different low-level employees, and each of them will tell you enough so you can put the whole puzzle together. The Chinese government excels at this (yes, a good chunk of all industrial espionage is done by governments, including ours.)
So in terms of resource allocation, it makes much more economic sense to make all employees aware of the value of the company's information, then to try to deal with the no doubt real but expensive if not impossible to combat targeted attack.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
As we well know, the online echo chamber and its increasingly viral and social components can magnify the propagation speed and distribution of stories and rumors, whether true or false.
In his recent Congressional testimony, Dennis Blair, the U.S. director of national intelligence, stated that the U.S. is "severely threatened" by cyber attacks and that the recent Google (Nasdaq: GOOG) attacks should serve as a wake-up call.
Fatal System Error, the book just released by West-coast-based journalist Joseph Menn, is really a public policy statement written as a thriller for a wider reading public. UPDATED 2:45 PM
Just when you despair that mobile apps are drowning in triviality -- Sticker Jam Hearts, Cookie Doodle, and Love Jive are all top iPhone apps, incidentally, and Calm Candle isn’t far behind -- know that hardworking, serious apps now are clawing their way onto our phones.
Smarter Collaboration: How to Thrive in a Challenging Business Environment Market conditions are changing faster than ever, and organizations need to improve their agility and adaptability in order to provide better service and improve processes. The ability to work with customers, business partners, and employees as effectively as possible - while at the same time holding down costs - is a key to success. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Research shows that the youth of today like Facebook – but not blogging or Twitter. Does that mean Facebook has won, or just that it's not yet out of favor? Will all the services we see today fade into Ovaltine-or-Wheaties status in just a few years?
What kinds of companies are doing the most innovation in the data center? Turns out it's midtier enterprises that are taking the "Just Right" approach.
Ray Kurzweil's Blio and Apple's iPad tablet will make it easier than ever to have books "read" to us, says Dr. Kim, who believes that talking tablets will become interwoven into our consciousness as we "merge" with the increasingly elegant machines we hold in our hands.
Digg
Del.icio.us
Reddit
Email This
TWEET THIS
