Targeted attacks and advanced persistent threats (APTs) are growing in prevalence. These attacks, usually launched by sophisticated cybercriminals, may target organizations of all sorts. Most often they gain access through "social engineering," especially the technique known as spear phishing. And once they have access they can steal information quietly, eluding notice by conventional security measures. Organizations must become more savvy about detecting such break-ins.
As Michelle Drolet reports at Infosec Island, "The prevalence of targeted attacks and advanced persistent threats (APTs) is disturbing." A recent study by the Enterprise Strategy Group found that fully 59 percent of enterprise security specialists suspect that their organizations have been targeted by an APT. In response, 40 percent of large organizations have adopted new security measures aimed directly at APTs and targeted attacks.
Most of these attacks take advantage of human victims, using social engineering tactics to gain their unwitting cooperation in penetrating organizations' networks. The most common such tactic is "spear phishing," which is key to fully 91 percent of target attacks.
Spear phishing is a technique in an individual is sent an email that appears to be from a friend or colleague, encouraging the victim to click on a link. If the victim does so, malware can gain access to their computer – and the network to which it belongs. And by stealing information gradually, attackers can avoid triggering obvious red flag events such as large unusual file transfers.
The rise of social media has been a boon for spear phishing. A simple visit to a site such as LinkedIn, for example, may provide a handy list of an individual's professional connections. Such information would have been nearly impossible to obtain just a few years ago.
Training in security awareness is a key protective measure. But the whole point of spear phishing attacks is that they look authentic and convincing. Fuller protection requires monitoring the network for odd, suspicious patterns of communications. Why is one individual's computer running a remote desktop on another's? (Remember that this suspicious activity usually involves an unwitting victim.)
GRT Corporation can help organizations to protect themselves against the subtle new wave of targeted attacks and APTs.