Prioritizing Security vs Maximizing Online Presence
- Company website
- Articles by the press and media
- Company employees’ social networking and social media accounts
One of the techniques attackers use to further increase their knowledge about the target’s network is the "res://" protocol, a feature present in Internet Explorer (version 4.0 and later).
The attacker need only convince a user to click on a webpage and information about what software are present in the user’s system will be returned. The attacker can then look for an exploit that uses holes in the particular software the user has.
With the knowledge obtained using social engineering and the "res://" protocol, attackers can create attacks that have a higher degree of success.
Point of Entry
Based on APT campaigns our researchers investigated, intrusions into the target network typically begin with an email message that comes with an attachment, such as a PDF or Microsoft Office files like Word or Excel. In the cases of LUCKYCAT and IXESHE, custom-fit email messages were sent to employees. However, this does not mean that threat actors cannot use other delivery mechanisms like instant messaging services or email messages with links that lead to exploit pages.
|
Aspects |
LUCKYCAT |
IXESHE |
|
Industries targeted (varied) |
Aerospace, energy, engineering, shipping, military research, Tibetan activists |
Electronics manufacturers, a German telecommunications company, East Asian governments |
|
Point of entry |
Contextually relevant targeted emails |
Contextually relevant targeted emails |
|
Exploits used (old reliable exploitsused) |
CVE-2010-3333 (aka, Rich Text Format [RTF] Stack Buffer Overflow Vulnerability) in several instances, also Adobe Reader and Flash Playervulnerabilities |
PDF exploits for CVE-2009-4324, CVE-2009-0927, CVE-2011-0609, andCVE-2011-0611 |
Studying the entry point details of these two also reveal that different industries were targeted depending on the intent of the threat actor. Furthermore, the specific exploits used were not necessarily using new vulnerabilities, instead, they are proof that the threat actors have done their research.
Awareness Programs for Employees: An Important Ingredient
Once a system is compromised, detection is highly difficult and easily rectified by attackers. Therefore, as part of an overall security strategy against targeted attacks, organizations should seriously review the effectiveness of user training geared towards being ready for social engineering and spear phishing attacks. Actually testing employees’ responses to simulated attacks may be better than making users just read about them.
According to Trend Micro Threat Researcher Nart Villenueve, "Those that are trained to expect targeted malware attacks are better positioned to report potential threats and constitute an important source of threat intelligence. Ultimately, education can generate a more security conscious culture within an organization."
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities
- Unveiling AI Agent Vulnerabilities Part III: Data Exfiltration
- Unveiling AI Agent Vulnerabilities Part II: Code Execution
- Unveiling AI Agent Vulnerabilities Part I: Introduction to AI Agent Vulnerabilities
- The Ever-Evolving Threat of the Russian-Speaking Cybercriminal Underground
Cellular IoT Vulnerabilities: Another Door to Cellular Networks
AI in the Crosshairs: Understanding and Detecting Attacks on AWS AI Services with Trend Vision One™
Trend 2025 Cyber Risk Report
CES 2025: A Comprehensive Look at AI Digital Assistants and Their Security Risks