View: Understanding Targeted Attacks: What has Changed?
Targeted attacks are (or should be) an important concern to large organizations anywhere. Well-designed attacks proceed in six stages that show how attackers progress within their targets.
It has been several years since targeted attacks first emerged onto the threat landscape, and both the threats and our understanding of them have evolved and matured. What have we learned and what has changed since then?
Before we jump into the discussion about the different components of a targeted attack, it is also important to consider the factors that make a campaign successful. One of the reasons a company gets breached is because their frontline—the employees and their awareness—is weak. Meaning, the human barrier is critical as a first line of defense against targeted attacks.
The components are not particularly distinct.
The six components or "stages" of a targeted attack represent distinct steps in a logical, structured attack. Reality, however, is far messier. Once a stage is “finished”, it doesn't mean that no other activities related to that stage will take place. It may be possible for multiple stages of an attack to be going on at the same time: for example, C&C communication takes place throughout any targeted attack. The attacker needs to keep control of any activities going on within the targeted network, so naturally C&C traffic will continue to go back and forth between attacker and any compromised systems.
It's better to think of each component as different facets of the same attack. Different portions of a network may be facing different facets of an attack at the same time.
This can have a significant effect on how an organization has to respond to an attack. It cannot simply be assumed that because an attack was detected at an “earlier” stage that “later” stages of an attack are not in progress. A proper threat response plan should consider this and plan accordingly.
The six stages of a targeted attack
For more details on targeted attacks, including how it works, the attacker's motivations, and its effects on its victims, download the primer Understanding Targeted Attacks: What has Changed?
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.