
Attacks are becoming increasingly sophisticated and targeted. Equipped with the proper security intelligence, however, organizations stand a better chance of counteracting these attacks.
Advanced persistent threats (APTs) or targeted attacks pertain to computer intrusions by threat actors that aggressively pursue and compromise chosen targets. Enterprises consider targeted attacks high-priority threats because of the considerable impact previous victims have sustained. The very act of conducting business and using new technologies, platforms, and entities only broadens the attack surface.
Our recommendation has always been for enterprises to develop and harness external and local threat intelligence in tandem. This site aggregates threat research on targeted attacks in general and on specific campaigns we have been monitoring. In addition to local threat intelligence, these resources will help your IT/security team gain a comprehensive understanding of targeted attacks and approach the problem of defending against these threats with the proper mindset.
How Tough Is It to Deal with APTs?
Threat actors will adapt, adjust, and improve their methods based on their victims' defenses. Get to know the six stages of a targeted attack and what your IT team can do to prepare against them.
Familiarize yourself with the different stages of a targeted attack with this visual rendition of how cybercriminals enter and siphon information out of an enterprise network.
Cybercriminals have launched a number of APT campaigns designed to target specific high-profile industries and governments around the globe. Find out if there's a pattern.
Reports of highly targeted attacks have dramatically increased in number. These attacks most commonly target civil society organizations, business enterprises, and government/military networks. Given the targeted nature of these attacks, the distribution is low; however, the impact on compromised institutions remains high. Trend Micro researchers study and monitor targeted attacks and publish their major findings in technical write-ups you can find here.
Adding Android and Mac OS X Malware to the APT Toolbox
In the course of monitoring Luckycat servers, our researchers discovered two malicious APKs indicating that threat actors are actively moving toward broadening the possible entry points to a network. See how they try to add mobile to their list of tools.
IXESHE
Read how IXESHE attackers use compromised machines as C&C servers within a target's internal network.
Luckycat
Find out how the people behind the Luckycat campaign used or provided infrastructure for other campaigns that have also been linked to past targeted attacks such as the previously documented ShadowNet campaign.
Luckycat Attacks Several Industries
Learn how the Luckycat attackers infiltrate a network, what activities they perform, and how organizations can defend themselves from this stealthy APT campaign.
DUQU Uses STUXNET-Like Techniques to Conduct Information Theft
Find out how DUQU takes advantage of an exploit to snoop on target systems and how the malware is related to the infamous Stuxnet malware.
Understanding how targeted attacks work and knowing the trends in threat actors' tools, tactics, and procedures can dramatically improve defensive strategies. By effectively using threat intelligence derived from external and internal sources, combined with context-aware data protection and security tools that empower and inform human analysts, organizations are better positioned to detect and mitigate targeted attacks.
How to Thwart the Digital Insider – An Advanced Persistent Response to Targeted Attacks
One of the oft-repeated themes in media reports of cyber security events is that the "threat landscape is constantly evolving," that attacks are becoming increasingly sophisticated and targeted, and that the men and women behind them are better resourced than ever before.
Inside the Network: Time for Persistence
Our researchers have seen attacks use a number of techniques to either ensure redundancy or make their campaigns difficult to track. We have observed attackers utilize stealth and obfuscation techniques to adapt and respond. At this point, the necessity for threat visibility becomes highly important.
Get a rundown of what organizations encounter when faced with this challenge, and stay updated. Browse the featured blog entries: