Today’ most precious commodity is data. It’s in very high demand. And where there is demand, there’s a market just waiting for someone to capitalize on it. This goes a long way in explaining why advanced targeted attacks are becoming increasingly more sophisticated—and focused. It’s not unusual for hackers to target specific individuals within an organization to breach security perimeters. Only one user has to be compromised for an attacker to burrow into a company’s network and filch IP, deal data, legal documents, and more.
7 Steps of a Targeted Attack
Although the motivations for different attacks are many, their structure is often the same.
Step 1 – Size up the Organization
Hackers leverage social media to identify an individual within the targeted organization. For instance, LinkedIn is a fantastic tool for hackers to identify a database administrator at an organization, and then using the available contact information for spear phishing purposes.
Step 2 – Compromise a User
Through a spear phishing campaign, or an exploit of a vulnerability, hackers gain access to the compromised user's machine, and deploy malicious software that allows control and data gathering.
Step 3 – Login & Begin Initial Exploration
Using credentials obtained by a compromised user, cyber criminals can begin a reconnaissance of company data. A prize finding might be charts and illustrations of the network’s architecture. Just like that, a hacker has a blueprint for success.
Step 4 – Solidify Presence within the Organization
Hackers steal additional usernames and passwords, leveraging them to increase their efficiency. Now they can install back doors like phantom user accounts and gain entry to the network at a later time.
Step 5 – Impersonate a Privileged User
Because privileged users are closely monitored, a hacker will escalate permissions of compromised users to extend his reach throughout the datacenter. Greater reach means greater opportunity to uncover valuable data.
Step 6 – Steal Confidential Data
It’s every hacker’s favorite s-word. Yep, he can steal the data he wants, at a time of his own choosing.
Step 7 – Cover Tracks & Prepare for Return Visit
Like every criminal, a hacker will try to avoid detection by covering his tracks. This includes deleting interim accounts and log records, and resetting registry settings and returning escalated permissions. A clean exit is a prelude to a return visit at a later time.
How To Protect Your Data From A Targeted Attack
There’s an irony at work here. The datacenter often contains the most sensitive and important information. But it often has the weakest security controls in place. If valuable data is in such high demand, an improved security stance should be, too.
If you’re interested to learn more about protecting your organization from malware and targeted attacks, download our SlideShare presentation.