MAY 23, 2014
Your regular source of security updates from TrendLabs℠


Security for Business

Why Threat Intelligence Is Important When Securing Against Targeted Attacks




Threat actors always look for and exploit weak points in target networks. In most cases, targeted attacks involve exploiting vulnerabilities, as in the recent case of several Taiwanese agencies.

Attacks Against Taiwanese Agencies

The recent attacks affected governmental and educational agencies and a mailing service provider in Taiwan. The attackers used a (then) zero-day exploit for the CVE-2014-1761 vulnerability in Microsoft™ Word®. Microsoft has since issued a patch for the vulnerability after acknowledging its “limited use in targeted attacks.”

Patch availability does not deter threat actors from exploiting such a vulnerability. In the attacks, the final payload was a backdoor that could search for and exfiltrate certain files.

Identifying Indicators of Compromise

Targets may vary but targeted attacks often have just one end goal—to exfiltrate sensitive information or so-called “crown jewels” from chosen networks.

While targeted attacks may be difficult to detect, threat actors often leave traces that can serve as indicators of ongoing or future attacks. Indicators of compromise (IoCs) can come from publicly available reports on known targeted attacks, data feeds, and other reports. One example of an IoC is the format of incoming and outgoing network traffic. Network traffic indicators are often used to detect targeted attacks because the command-and-control (C&C) protocols that threat actors use tend to remain consistent. In fact, the attacks on two of the targets had ties to the Taidoor Campaign because they used similar network traffic structures.
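The following added example (not from the original newsletter) shows why a traffic-format indicator keeps working after the C&C host changes, while a host list does not. The URI pattern, host names, and log lines are all constructed for illustration and do not describe any real campaign.

```python
import re
from urllib.parse import urlsplit

# Hypothetical traffic-format IoC (constructed, not a real signature):
# GET /<4 letters>/<8 hex>.jsp?k=<16 uppercase hex>
FORMAT_IOC = re.compile(r"^/[a-z]{4}/[0-9a-f]{8}\.jsp\?k=[0-9A-F]{16}$")

# Host indicator taken from an earlier (constructed) report.
KNOWN_C2_HOSTS = {"c2-old.example"}

# Constructed proxy log lines: "<client_ip> <method> <url>"
SAMPLE_LOG = """\
10.0.0.5 GET http://c2-old.example/page/1a2b3c4d.jsp?k=00112233AABBCCDD
10.0.0.9 GET http://c2-new.example/data/9f8e7d6c.jsp?k=FFEEDDCC99887766
10.0.0.7 GET http://intranet.example/docs/index.jsp?k=search
10.0.0.9 POST http://c2-new.example/data/9f8e7d6c.jsp?k=FFEEDDCC99887766
"""

def parse_line(line):
    """Return (client, method, host, path_and_query) or None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    client, method, url = parts
    try:
        u = urlsplit(url)
    except ValueError:
        return None
    path_q = u.path + ("?" + u.query if u.query else "")
    return client, method, u.hostname, path_q

def scan(log_text):
    """List (client, host, reasons) for every request matching an indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, method, host, path_q = rec
        reasons = []
        if host in KNOWN_C2_HOSTS:
            reasons.append("host")
        # The request method is part of the format, so only GET is checked.
        if method == "GET" and FORMAT_IOC.match(path_q):
            reasons.append("format")
        if reasons:
            hits.append((client, host, reasons))
    return hits
```

The second sample line is flagged on format alone: its host is absent from the host list, which is the case a consistent C&C protocol lets defenders catch.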

Protecting Crown Jewels

IoCs are only as good as what is made of them. They make up just one component of threat intelligence. Threat intelligence refers to “any information pertaining to the tools, tactics, and procedures threat actors use to carry out campaigns.” With good threat intelligence, targeted attacks can be detected earlier, reducing the risk of data exfiltration.

Organizations may differ from one another but they all have crown jewels to protect. They should consider obtaining threat intelligence as another means to mitigate ongoing and future targeted attacks.

Copyright ©2014 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.

www.trendmicro.com
