Targeted threat

Targeted threat

Targeted threats are a class of malware destined for one specific organization or industry. A type of crimeware, these threats are of particular concern because they are designed to capture sensitive information. Targeted attacks may include threats delivered via SMTP e-mail, port attacks, zero day attack vulnerability exploits or phishing messages. The home user is the most targeted sector. Financial industries are the second most targeted sector, most likely because cybercriminals desire to profit from the confidential, sensitive information the financial industry IT infrastructure houses. [Symantec Corp., Symantec Internet Security Threat Report, Vol X, Sep. 2006, p. 9.] Similarly, online brokerage accounts have also been targeted by such attacks. [Security and Exchange Commission. "Online Brokerage Accounts: What You Can Do to Safeguard Your Money and Your Personal Information." http://www.sec.gov/investor/pubs/onlinebrokerage.htm]

Impact

The impact of targeted attacks can be far-reaching. In addition to regulatory sanctions imposed by HIPAA, Sarbanes-Oxley, the Gramm-Leach-Bliley Act and other laws, they can lead to the loss of revenue, focus and corporate momentum. They not only expose sensitive customer data, but damage corporate reputations and incur potential lawsuits. [Williams, Amrit T., Hallawell, Arabella, et. al, "Hype Cycle for Cyberthreats, 2006", Gartner, Inc., Sept. 13, 2006, p. 17]

Detection and prevention

In contrast to a widespread spam attack, which are widely noticed, because targeted attacks are only sent to a limited number of organizations, these crimeware threats tend to not be reported and thus elude malware scanners. [Shipp, Alex quoted in Gibbs, Wayt. "The Rise of Crimeware.", February 23, 2006. http://blog.sciam.com/index.php?title=the_rise_of_crimeware ]

* Heuristics
* Multiple-layered pattern scanning
* Traffic-origin scanning. Targets known bad locations or traffic anomalies.
* Behavior observation. Including desktop emulator solutions and virtual machine behavior analysis.

Examples

* In one instance, Trojan horses were used as a targeted threat so that Israeli companies could conduct corporate espionage on each other. [Williams, Dan. "Israel holds couple in corporate espionage case." "http://www.computerworld.com/securitytopics/security/virus/story/0,10801,108225,00.html?from=story_kc, Jan. 31, 2006]
* The Hotword Trojan3, the Ginwui4 and the PPDropper Trojans are additional examples of Trojans used for corporate espionage. [Symantec Corp., Symantec Internet Security Threat Report, Vol X, Sep. 2006, p. 4.]
* Targeted destination attacks use harvested IP addresses to send messages directly to recipients without an MX record lookup. It aims for specific sites and users by defeating hosted protection services and internal gateways to deliver e-mail with malicious payloads. [Avinti, Inc. "Targeted Destination Attacks." Sep. 2005. http://www.avinti.com/download/labs/targeted_destination.pdf]

External links

* [http://www.daemon.be/maarten/targetedattacks.html An analysis of Targeted Attacks]

Notes


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Targeted grazing — is the use of domestic livestock to change the composition and structure of vegetation to meet management goals. This technique is often used in combination with other vegetation management treatments such as prescribed fire, seeding, chemical… …   Wikipedia

  • Stereotype threat — is the fear that one s behaviour will confirm an existing stereotype of a group with which one identifies. This fear can sometimes affect performance. Definition Stereotype threat refers to being at risk of confirming, as self characteristic, a… …   Wikipedia

  • Bomb threat — A bomb threat is generally defined as a verbal or written threat to detonate an explosive or incendiary device to cause property damage or injuries, whether or not such a device actually exists. Typically delivered by phone, or other… …   Wikipedia

  • Web threat — A web threat is any threat that uses the internet to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in… …   Wikipedia

  • Malware — Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access… …   Wikipedia

  • Zero-day attack — This article is about technical vulnerabilities. For other uses, see Zero day (disambiguation). A zero day (or zero hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are… …   Wikipedia

  • Computer insecurity — This article is about computer security exploits and defenses. For computer security through design and engineering, see computer security. Computer security Secure operating systems Security architecture Security by design Secure coding …   Wikipedia

  • Runscanner — Infobox Software name = Runscanner caption = Runscanner screenshot developer = Geert Moernaut latest release version = 1.7.0.0 latest release date = August 2008 operating system = Microsoft Windows genre = Malware diagnostic removal license =… …   Wikipedia

  • Media and Publishing — ▪ 2007 Introduction The Frankfurt Book Fair enjoyed a record number of exhibitors, and the distribution of free newspapers surged. TV broadcasters experimented with ways of engaging their audience via the Internet; mobile TV grew; magazine… …   Universalium

  • The Blitz — London Blitz redirects here. For the London based American football team, see London Blitz (American football). For other uses, see Blitz (disambiguation). The Blitz Part of Second World War, Home Front …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”