AUGUST 1, 2014
Your regular source of security updates from TrendLabsSM
In This Issue

Security Spotlight
Cybercriminals Prove Two-Factor Authentication Can Be as Holey as Emmental

Security for Home Users
The Dawn of the Internet of Everything: Smart Meters

Security for Business
What Real Targeted Attacks Are Like

Security for Business

What Real Targeted Attacks Are Like

While well-meaning and optimistic, we believe that the misconceptions about targeted attacks could prove harmful to organizations if allowed to persist.”

We work with IT administrators worldwide because we are a security company and that’s part of our job. In such collaborations, we discovered some common misconceptions about targeted attacks. While well-meaning and optimistic, we believe that these misconceptions could prove harmful to organizations if allowed to persist. To avoid further confusion, here are a few truths about targeted attacks:

  • A targeted attack is a one-time effort. Wrong. Threat actors—those behind targeted attacks—wait as long as it takes for their campaigns to take effect. They are very persistent. They’ll attempt to infiltrate target networks over and over until they succeed. They won’t stop even if their attacks get foiled; they’ll just find other means to get into their targets, if necessary.

  • A one-size-fits-all solution exists. Wrong. No two companies are alike. The same goes for their infrastructure. Threat actors also spend a lot of time to customize their attacks to fit a specific target’s infrastructure. As such, solutions also need to be unique, fitting a network like a well-tailored glove.

  • Only a large organization can become a target. Wrong. Information is currency in today’s world. Any and all organizations that hold important data is a likely candidate as attack target. Someone’s employment history may not be worth much to anyone, monetarily speaking, but threat actors can certainly use it for social engineering.

  • A zero-day exploit is always used in targeted attacks. Wrong. Threat actors, in fact, use old vulnerabilities more than zero-days to get in to target networks. They’ll use what works. All they need is one neglected, unpatched hole in your system or network.

  • Anti-malware solutions can stop targeted attacks. While partly true because malware are part of threat actors’ arsenals, they may not always work on their own. Threat actors often use everything they can to get to their targets. As such, IT administrators would do better with the use of more comprehensive security solutions that protect not just the systems and devices under their care but their servers and entire infrastructure, too.

To know more about targeted attacks and how to better protect your organizations, visit our Targeted Attacks portal.

Copyright ©2014 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.