Understanding Targeted Attacks: Goals and Motives

In our previous last entry on Understanding Targeted Attacks, we tackled the impact on the targeted organizations as well as the customers that the organization serves (if any). This latest entry explores the motives behind targeted attacks, and why attacker groups spend so much time, effort, and resources to ensure a successful operation

Understanding the motives behind a targeted attack is important because it can determine what an attacker is after. Knowing the motives can help organizations pinpoint what to protect and how to protect it. It also provides an idea of what attackers are capable of, and what they’ll go after first once inside their target network.

What motivates targeted attacks?

While we can’t always know every attacker’s true intentions, we’ve managed to gather a few strong examples derived from how their attacks were carried out.

  • Information Theft – when the attacker aims to acquire information owned by the target and/or stored in the target’s network. This information may be in the form of customer information, business-critical information, or intellectual property.  Targeted attacks are so effective at information theft that 25% of all data breaches since 2005 were the result of targeted attacks.

The RSA data breach is a notable example of an attack motivated by information theft, where data pertaining to their SecurID technology was stolen. The attackers managed to infiltrate the security company’s network through carefully-crafted spearphishing mail, which carried malware that exploited certain Adobe Flash Player vulnerabilities. From there the attackers stole all the data they can find.

Another example is the OPM data breach, where personally-identifiable information—such as names, dates and place of birth, addresses, medical history, even Social Security numbers and fingerprints—of more than 20 million US citizens were leaked. Considered to be one of the biggest data breaches of all time, the breach put the victims—those whose personal information got stolen—at risk of blackmail and fraud.

  • Espionage – when the goal of the attacker is to monitor the activities of the targets and steal information that these targets may have—such as information that could compromise national security. This was seen with Operation Pawn Storm and the campaigns of hacking group Rocket Kitten, where the attackers hacked into the systems of high-profile entities. The most recent update to Pawn Storm involved the surveillance of foreign affairs ministries around the globe, while Rocket Kitten most recently targeted an Iranian lecturer as well as InfoSecurity researchers.
  • Sabotage – when the goal of the attacker is the destruction, defamation or blackmail of its targets. This was seen in the Sony and Ashley Madison data breaches, where attackers used the stolen information to blackmail the company into acceding to specific demands, as we stated in more detail in the article preceding this one, namely “Understanding Targeted Attacks: The Impact of Targeted Attacks”.
In the Sony data breach, the attackers demanded that Sony not release a controversial film that was discovered in their leaked information, even going as far as to threaten terrorist acts on theaters that will play the film.
In the Ashley Madison data breach, the attackers threatened to release all the customer information they stole unless Avid Life Media, the owner of the adult networking website, shut its operations down for good.  

With these three motivations, we can see exactly why attackers can be so determined. Understanding what they’re after is one of the first key steps in being able to stop them in their tracks.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.