Targeted Attack: Do You Really Need to Worry about?
Almost anyone who uses a computer or the internet is aware of threats such as viruses, phishing scams, and malware. However, there is another type of threat that is quickly becoming one of the most dangerous; that threat is known as a targeted attack.
What is a Targeted Attack?
Targeted attacks, also sometimes referred to as targeted threats, are cyber-attacks launched toward a particular industry or organization by threat actors. These attacks are generally malware that is presented as a form of phishing or socially engineered email. These emails include links that, when clicked, launch the malware, which then silently begins infiltrating the target computer and system.
There are six steps involved in targeted attacks:
1. The targeted attack begins with gathering information about the potential target. The security of the target is studied carefully, but that’s not all. Social engineering is a significant part of targeted attacks, so key personnel are studied as well. The information gathered will help the threat actors craft emails that will lure personnel into clicking on the desired links.
2. The next step is determining a point of entry into the target and a delivery mechanism such as an instant message or email embedded with malware. This generally requires human interaction to launch. Once launched, the malware compromises and exploits the system.
3. The third step is known as command and control (C&C). Communication between the threat actor’s server and the compromised system is now open; the system can be controlled remotely.
4. Next is lateral movement and persistence. The malware can now move laterally throughout the system and execute any number of tasks, including looking for sensitive information and enumerating file systems. At this point the threat actor can access password-protected areas, an activity often called, “pass the hash” because of the techniques involved. With this lateral movement, the threat actors can ensure the persistence of remote access.
5. Data and asset discovery come next. This is the information the threat actors are looking for and that will be extracted.
6. Finally, the last step is the extraction or, exfiltration, of the targeted information. This involves both staging and transmitting data to a location of the threat actor’s choosing.
Who is Targeted?
It’s not surprising that governments and large corporations are often the targets of these types of attacks. What is surprising is the scope of the breadth of these attacks. The attacks occur all over the world, across nearly every industry and at every level of the supply chain. Threat actors are not only looking for financial gain, but they are also looking to influence and possibly sabotage their targets.
Keeping this in mind: is it likely the average individual computer and internet user will be the victim of a targeted attack? Most likely not. However, as mentioned above, specific members of targeted organizations often are. Emails are sent to specifically chosen people by name; these emails have been socially engineered and crafted to get that particular person to click on the desired link, allowing the threat actor access to the system.
What Can You Do?
Once a target is chosen, threat actors often attack repeatedly. Because of this, these types of attacks are called advanced persistent threats (APTs). APTs, if left unchecked, can eventually lead to the threat actor gaining ever-increasing access to the targeted system.
The good news is there are several things an organization can do to protect itself from targeted attacks. There are three levels of protection: fundamental, advanced and proactive.
Fundamental security includes measures such as antivirus and antimalware, antispam and antiphishing, plus cloud-powered network and endpoint security. Web application protection, a firewall, and intrusion detection and prevention systems are also part of fundamental security.
Advanced security includes log inspection and patch management in addition to application control, whitelisting, integrity monitoring, and data loss prevention.
Proactive security involves network threat detection, sandboxing, and a proactive virtual patching strategy.
With these types of multi-leveled security measures, falling victim to a targeted attack is much less likely – especially when paired with vigilant, informed users in your network or system. For further information, this infographic visually displays both the scale and potential of (thwarted) attacks.
About the Author:
Contributing author Carlson Hughes has been reporting on cybersecurity for over a decade. Carlson’s current project is a nonfiction work detailing the most devastating cyber-attacks of the century so far.