Trend Micro says 2014 shows targeted attacks to exfiltrate data becoming a major threat to individuals and organisations alike.
The growing number of targeted attacks to exfiltrate data last year proves that cyber security remains a major threat to individuals and organisations today, says a recent report by security software company Trend Micro.
The report on computer security pointed out that cybercriminals have continued to push the envelope with targeted attack techniques because these proved effective in increasing their financial gain. These techniques include abusing legitimate tools such as Windows PowerShell and legitimate platforms such as Dropbox.
It also noted that highly specific applications, programmes, operating systems and setups did little to prevent them from launching effective attacks in 2014. In fact, new infection vectors and malware technologies and techniques have helped attackers cover their tracks and conceal malicious activities within the targeted networks.
Most of these attacks were motivated by sabotage, retaliation and the theft of information.
Governments, it seems, remained the most favoured target in 2014, making up more than 70% of industries affected by targeted attacks last year. But small outfits did not escape the attackers' radar either.
“The actors behind Predator Pain and Limitless keyloggers, for instance, went after small and medium-sized businesses (SMBs) instead of individuals, allowing them to earn as much as US$75mil in just six months,” Trend Micro reveals.
Cybercriminals targeting businesses usually send business-themed messages laced with either Predator Pain or Limitless keyloggers as attachments to publicly listed corporate email addresses.
The keyloggers allow them to obtain browser-cached online account credentials and saved chat messages and emails that they could then use for more damaging purposes. They also enable attackers to send emails to victims’ business partners, thus allowing attackers to gain access to even bigger targets.
Targeted attacks comprise six components: intelligence gathering, point of entry, command and control (C&C), lateral movement, asset/data discovery and data exfiltration.
According to the report, attackers initially gather target victims’ profile information, which is then used as a delivery mechanism to gain entry into their networks. Once communication between compromised systems and C&C servers under attack is established, threat actors can then laterally move throughout the network and identify sensitive files to exfiltrate.
Some of the major attackers in 2013 were from the US, North Korea, Russia, China, Vietnam, and India. In 2014, some were from Syria, Iran, the UK and France.
Organisations also have to deal with the probability of insider threats that usually involve disgruntled employees who intend to get back at their employers by stealing or leaking sensitive corporate information.
Amid the changes, one thing remains: enterprises need to adopt more effective solutions and employ better strategies to combat the risks that targeted attacks pose. They need to keep up with improvements in targeted attack techniques and methodologies to mitigate and thwart attacks before data exfiltration occurs.
“Given the increased volume of targeted attacks, ease of mounting them, and difficulty to protect against them, network defenders must be able to exactly understand what a shift in mindset from prevention to detection entails. This means accepting that targeted attacks are or will eventually hit their networks, so no suite of blacklisting technologies will be able to keep determined threat actors at bay.
“Fully understanding boundaries, traffic flow, and activities is crucial in maintaining comprehensive control of what is happening throughout networks,” the report stresses.