Targeted threat

Last updated August 01, 2023

Targeted threats are a class of malware destined for one specific organization or industry. A type of crimeware, these threats are of particular concern because they are designed to capture sensitive information. Targeted attacks may include threats delivered via SMTP e-mail, port attacks, zero day attack vulnerability exploits or phishing messages. Government organisations are the most targeted sector.^[1] Financial industries are the second most targeted sector, most likely because cybercriminals desire to profit from the confidential, sensitive information the financial industry IT infrastructure houses.^[2] Similarly, online brokerage accounts have also been targeted by such attacks.^[3]

Impact

The impact of targeted attacks can be far-reaching. In addition to regulatory sanctions imposed by HIPAA, Sarbanes-Oxley, the Gramm-Leach-Bliley Act and other laws, they can lead to the loss of revenue, focus and corporate momentum. They not only expose sensitive customer data, but damage corporate reputations and incur potential lawsuits.^[4]

Detection and prevention

In contrast to a widespread spam attack, which are widely noticed, because targeted attacks are only sent to a limited number of organizations, these crimeware threats tend to not be reported and thus elude malware scanners.^[5]

Heuristics
Multiple-layered pattern scanning
Traffic-origin scanning. Targets known bad locations or traffic anomalies.
Behavior observation. Including desktop emulator solutions and virtual machine behavior analysis.

Examples

In one instance, Trojan horses were used as a targeted threat so that Israeli companies could conduct corporate espionage on each other.^[6]
The Hotword Trojan, the Ginwui and the PPDropper Trojans are additional examples of Trojans used for corporate espionage.^[7]
Targeted destination attacks use harvested IP addresses to send messages directly to recipients without an MX record lookup. It aims for specific sites and users by defeating hosted protection services and internal gateways to deliver e-mail with malicious payloads.^[8]

External links

An analysis of Targeted Attacks

Notes

↑ "Email Security.cloud - Symantec Enterprise".
↑ Symantec Corp., Symantec Internet Security Threat Report, Vol X, Sep. 2006, p. 9.
↑ Security and Exchange Commission. "Online Brokerage Accounts: What You Can Do to Safeguard Your Money and Your Personal Information." https://www.sec.gov/investor/pubs/onlinebrokerage.htm
↑ Williams, Amrit T., Hallawell, Arabella, et al., "Hype Cycle for Cyberthreats, 2006", Gartner, Inc., Sept. 13, 2006, p. 17
↑ Shipp, Alex quoted in Gibbs, Wayt. "The Rise of Crimeware.", February 23, 2006. "The Rise of CrimewareBLOG: SciAm Observations: A blog from the editors of Scientific American". Archived from the original on 2006-12-06. Retrieved 2006-11-28.
↑ Williams, Dan. "Israel holds couple in corporate espionage case." "http://www.computerworld.com/securitytopics/security/virus/story/0,10801,108225,00.html?from=story_kc, Jan. 31, 2006
↑ Symantec Corp., Symantec Internet Security Threat Report, Vol X, Sep. 2006, p. 4.
↑ Avinti, Inc. "Targeted Destination Attacks." Sep. 2005. "Archived copy" (PDF). Archived from the original (PDF) on 2012-02-15. Retrieved 2006-11-28.{{cite web}}: CS1 maint: archived copy as title (link)

Related Research Articles

<span class="mw-page-title-main">Malware</span> Malicious software

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

<span class="mw-page-title-main">Rootkit</span> Software designed to enable access to unauthorized locations in a computer

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

<span class="mw-page-title-main">Antivirus software</span> Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

<span class="mw-page-title-main">Ransomware</span> Malicious software used in ransom demands

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

<span class="mw-page-title-main">Crimeware</span> Class of malware designed specifically to automate cybercrime

Crimeware is a class of malware designed specifically to automate cybercrime.

Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Hacks looking for specific information may only attack users coming from a specific IP address. This also makes the hacks harder to detect and research. The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes.

<span class="mw-page-title-main">Rogue security software</span> Form of malicious software

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

Man-in-the-browser, a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a covert fashion invisible to both the user and host web application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or two- or three-factor authentication solutions are in place. A MitB attack may be countered by using out-of-band transaction verification, although SMS verification can be defeated by man-in-the-mobile (MitMo) malware infection on the mobile phone. Trojans may be detected and removed by antivirus software;, but a 2011 report concluded that additional measures on top of antivirus software were needed.

Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber espionage can be used to target various actors- individuals, competitors, rivals, groups, governments, and others- in order to obtain personal, economic, political or military advantages. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

<span class="mw-page-title-main">Advanced persistent threat</span> Set of stealthy and continuous computer hacking processes

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

<span class="mw-page-title-main">Mobile security</span> Security risk and prevention for mobile devices

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Seculert is a cloud-based cyber security technology company based in Israel. The company's technology is designed to detect breaches and Advanced Persistent Threats (APTs), attacking networks. Seculert's business is based on malware research and the ability to uncover malware that has gone undetected by other traditional measures.

Havex malware, also known as Backdoor.Oldrea, is a RAT employed by the Russian attributed APT group “Energetic Bear” or “Dragonfly." Havex was discovered in 2013 and is one of five known ICS tailored malware developed in the past decade. These malwares include Stuxnet, BlackEnergy, Industroyer/CRASHOVERRIDE, and TRITON/TRISIS. Energetic Bear began utilizing Havex in a widespread espionage campaign targeting energy, aviation, pharmaceutical, defense, and petrochemical sectors. The campaign targeted victims primarily in the United States and Europe.

The Nitro hacking attacks were a targeted malware campaign in 2011 suspected to be a case of corporate espionage. At least 48 confirmed companies were infected with a Trojan called Poison Ivy that transferred intellectual property to remote servers. Much of the information known about these attacks comes from a white paper published by cybersecurity company Symantec.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Email Security.cloud - Symantec Enterprise".

[2] Symantec Corp., Symantec Internet Security Threat Report, Vol X, Sep. 2006, p. 9.

[3] Security and Exchange Commission. "Online Brokerage Accounts: What You Can Do to Safeguard Your Money and Your Personal Information." https://www.sec.gov/investor/pubs/onlinebrokerage.htm

[4] Williams, Amrit T., Hallawell, Arabella, et al., "Hype Cycle for Cyberthreats, 2006", Gartner, Inc., Sept. 13, 2006, p. 17

[5] Shipp, Alex quoted in Gibbs, Wayt. "The Rise of Crimeware.", February 23, 2006. "The Rise of CrimewareBLOG: SciAm Observations: A blog from the editors of Scientific American". Archived from the original on 2006-12-06. Retrieved 2006-11-28.

[6] Williams, Dan. "Israel holds couple in corporate espionage case." "http://www.computerworld.com/securitytopics/security/virus/story/0,10801,108225,00.html?from=story_kc, Jan. 31, 2006

[7] Symantec Corp., Symantec Internet Security Threat Report, Vol X, Sep. 2006, p. 4.

[8] Avinti, Inc. "Targeted Destination Attacks." Sep. 2005. "Archived copy" (PDF). Archived from the original (PDF) on 2012-02-15. Retrieved 2006-11-28.{{cite web}}: CS1 maint: archived copy as title (link)

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]