Attacks are becoming increasingly sophisticated and targeted. Equipped with the proper security intelligence, however, organizations can have a better chance to counteract these attacks.
Advanced persistent threats (APTs) or targeted attacks pertain to computer intrusions by threat actors that aggressively pursue and compromise chosen targets. Enterprises consider targeted attacks high-priority threats because of the considerable impact previous victims have sustained. The very act of conducting business and using new technologies, platforms, and entities only broaden the attack surface.
Our recommendation has always been for enterprises to develop and harness external and local threat intelligence in tandem. This site aggregates threat research on targeted attacks in general and on specific campaigns we have been monitoring. In addition to local threat intelligence, these resources will help your IT/security team gain a comprehensive understanding of targeted attacks and approach the problem of defending against these threats with the proper mindset.
Threat actors will adapt, adjust, and improve their methods based on their victims' defenses. Get to know the six stages of a targeted attack and what your IT team can do to prepare against such.
Familiarize yourself with the different stages of a targeted attack with this visual rendition of how cybercriminals enter and siphon information out of an enterprise network.
Cybercriminals have launched a number of APT campaigns designed to target specific high-profile industries and governments around the globe. Find out if there's a pattern.
Reports of highly targeted attacks have dramatically increased in number. These attacks most commonly target civil society organizations, business enterprises, and government/military networks. Given the targeted nature of these attacks, the distribution is low; however, the impact on compromised institutions remains high. Trend Micro researchers study and monitor targeted attacks and publish their major findings in technical write-ups you can find here.
In the course of monitoring Luckycat servers, our researchers discovered two malicious APKs indicating that threat actors are actively moving toward broadening the possible entry points to a network. See how they try to add mobile to their list of tools.
Read how IXESHE attackers use compromised machines as C&C servers within a target's internal network.
Find out how the people behind the Luckycat campaign used or provided infrastructure for other campaigns that have also been linked to past targeted attacks such as the previously documented ShadowNet campaign.
Learn how the Luckycat attackers infiltrate a network, what activities they perform, and how organizations can defend themselves from this stealthy APT campaign.
Find out how DUQU takes advantage of an exploit to snoop on target systems and how the malware is related to the infamous Stuxnet malware.
Defensive strategies can dramatically improve by understanding how targeted attacks work as well as knowing trends regarding threat actors' tools, tactics and procedures. By effectively using threat intelligence derived from external and internal sources combined with context-aware data protection and security tools that empower and inform human analysts, organizations are better positioned to detect and mitigate targeted attacks.
One of the oft-repeated themes in media reports of cyber security events is that the "threat landscape is constantly evolving," that attacks are becoming increasingly sophisticated and targeted, and that the men and women behind them are better resourced than ever before.
Our researchers have seen attacks use a number of techniques to either ensure redundancy or make their campaigns difficult to track. We have observed attackers utilize stealth and obfuscation techniques to adapt and respond. At this point, the necessity for threat visibility becomes highly important.
Get a rundown of and stay updated on what organizations encounter when faced with this challenge. Browse the featured blog entries: