Whether considered advanced persistent threats (APTs) or malware-based espionage attacks, successful and long-term compromises of high-value organizations and enterprises worldwide by a consistent set of campaigns cannot be ignored.
Once inside a network, targeted attacks can use it as a highway to further a campaign. By using network traffic, coupled with threat intelligence, enterprise response teams can monitor and stop attacks before their respective attackers get away with their goal
RATs or remote access Trojans—like the prominent Gh0st, PoisonIvy, and DRAT—have made it easier for attackers to stay hidden within a target network. A RAT's ability to disguise their network traffic as messaging app traffic makes it especially elusive.
Though phishing threats are typical on the Internet, the danger of spear-phishing attacks shouldn’t be downplayed. Sixty-five government entities have been exposed to spear-phishing—still the favored attack method because of its continued success in tricking
Targeted attack incidents from previous years prove that targeted campaigns don't always use the same attack methods. Diversifying defense measures such as log inspection, virtual patching, and the like can help minimize the risks they may face in 2013.
The Taidoor campaign primarily targeted government organizations located in Taiwan. Trend Micro Research was able to develop indicators of compromise useful in determining if an attack is underway in an enterprise.
Trend Micro cyber security vice president Tom Kellerman says organizations must change the way they think about security when dealing with targeted attacks. Their IT teams must always assume compromise and build their company’s strategies from there.
Attackers have upped the ante by adding Android and Mac OS X to their targeted attack arsenal. Android malware, already a cybercriminal favorite, allows attackers to hop on the BYOD wagon, while Mac OS X malware broadens their scope of potential victims.
The IXESHE attackers are notable for their use of compromised machines within a target’s internal network as C&C servers. While the malware used in the attacks were not very complicated by nature, these proved very effective. This campaign remains an activ