Targeted threat
Targeted threats are a class of malware destined for one specific organization or industry. A type of crimeware, these threats are of particular concern because they are designed to capture sensitive information. Targeted attacks may include threats delivered via SMTP e-mail, port attacks, zero-day attack vulnerability exploits or phishing messages. Government organisations are the most targeted sector. Financial industries are the second most targeted sector, most likely because cybercriminals desire to profit from the confidential, sensitive information the financial industry IT infrastructure houses. Similarly, online brokerage accounts have also been targeted by such attacks.

Impact

The impact of targeted attacks can be far-reaching. In addition to regulatory sanctions imposed by HIPAA, Sarbanes-Oxley, the Gramm-Leach-Bliley Act and other laws, they can lead to the loss of revenue, focus and corporate momentum. They not only expose sensitive customer data, but also damage corporate reputations and incur potential lawsuits.

Detection and prevention

In contrast to widespread spam attacks, which are widely noticed, targeted attacks are sent to only a limited number of organizations, so these crimeware threats tend not to be reported and thus elude malware scanners.
  • Heuristics
  • Multiple-layered pattern scanning
  • Traffic-origin scanning. Targets known bad locations or traffic anomalies.
  • Behavior observation. Including desktop emulator solutions and virtual machine behavior analysis.

Examples

  • In one instance, Trojan horses were used as a targeted threat so that Israeli companies could conduct corporate espionage on each other.
  • The Hotword Trojan [3], the Ginwui [4] and the PPDropper Trojans are additional examples of Trojans used for corporate espionage.
  • Targeted destination attacks use harvested IP addresses to send messages directly to recipients without an MX record lookup. They aim for specific sites and users by defeating hosted protection services and internal gateways to deliver e-mail with malicious payloads.
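
A defender-side check for the targeted destination attack described above, as an added example that is not part of the original article: it scans the origin mail server's SMTP connection log for senders that connected directly instead of arriving through the hosted filtering service. The Postfix-style log lines, the `FILTER_SERVICE_NETS` ranges and the function name are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the address ranges the hosted filtering service relays from.
# These are documentation ranges used as placeholders, not a real provider's.
FILTER_SERVICE_NETS = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")
]

# Constructed sample of Postfix-style smtpd log lines from the origin server.
SAMPLE_LOG = """\
Mar 10 09:14:02 mx-origin postfix/smtpd[2101]: connect from relay1.filter.example[192.0.2.15]
Mar 10 09:14:40 mx-origin postfix/smtpd[2107]: connect from unknown[203.0.113.77]
Mar 10 09:15:03 mx-origin postfix/smtpd[2107]: connect from relay2.filter.example[2001:db8:10::25]
Mar 10 09:16:11 mx-origin postfix/smtpd[2110]: connect from host.example.net[198.51.100.9]
Mar 10 09:16:30 mx-origin postfix/smtpd[2110]: disconnect from host.example.net[198.51.100.9]
Mar 10 09:17:45 mx-origin postfix/smtpd[2115]: connect from unknown[203.0.113.77]
"""

# Matches only "connect from host[ip]" events, not "disconnect from".
CONNECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: connect from \S+?\[(?P<ip>[0-9A-Fa-f:.]+)\]"
)


def find_direct_deliveries(log_text, allowed_nets=FILTER_SERVICE_NETS):
    """Return {source_ip: connection_count} for inbound SMTP connections
    that did not come from the hosted filtering service."""
    hits = Counter()
    for line in log_text.splitlines():
        match = CONNECT_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # malformed address in the log line, skip it
        # Local health checks and the filter's own relays are expected.
        if ip.is_loopback or any(ip in net for net in allowed_nets):
            continue
        hits[str(ip)] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in sorted(find_direct_deliveries(SAMPLE_LOG).items()):
        print(f"direct SMTP connection bypassing filter: {ip} ({count}x)")
```

Any address this reports reached the mail server without passing the hosted scanning layer, which is the path the article says these attacks rely on.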

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 