July 11, 2013

Today’s most precious commodity is data. It’s in very high demand. And where there is demand, there’s a market just waiting for someone to capitalize on it. This goes a long way in explaining why advanced targeted attacks are becoming increasingly sophisticated—and focused. It’s not unusual for hackers to target specific individuals within an organization to breach security perimeters. Only one user has to be compromised for an attacker to burrow into a company’s network and filch IP, deal data, legal documents, and more.

7 Steps of a Targeted Attack

Although the motivations for different attacks are many, their structure is often the same.

Step 1 – Size up the Organization

Hackers leverage social media to identify an individual within the targeted organization. For instance, LinkedIn is a fantastic tool for hackers to identify a database administrator at an organization, and then use the available contact information for spear phishing purposes.

Step 2 – Compromise a User

Through a spear phishing campaign, or an exploit of a vulnerability, hackers gain access to the compromised user's machine, and deploy malicious software that allows control and data gathering.

Step 3 – Login & Begin Initial Exploration

Using credentials obtained from a compromised user, cyber criminals can begin reconnaissance of company data. A prize finding might be charts and illustrations of the network’s architecture. Just like that, a hacker has a blueprint for success.

Step 4 – Solidify Presence within the Organization

Hackers steal additional usernames and passwords, leveraging them to increase their efficiency. Now they can install back doors like phantom user accounts and gain entry to the network at a later time.

Step 5 – Impersonate a Privileged User

Because privileged users are closely monitored, a hacker will escalate permissions of compromised users to extend his reach throughout the datacenter. Greater reach means greater opportunity to uncover valuable data.

Step 6 – Steal Confidential Data

It’s every hacker’s favorite s-word. Yep, he can steal the data he wants, at a time of his own choosing.

Step 7 – Cover Tracks & Prepare for Return Visit

Like every criminal, a hacker will try to avoid detection by covering his tracks. This includes deleting interim accounts and log records, resetting registry settings, and returning escalated permissions. A clean exit is a prelude to a return visit at a later time.
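The traces that Steps 4, 5 and 7 leave behind (short-lived accounts, permissions raised and then returned, cleared logs) can be searched for in an audit trail. The following is an added example, not part of the original post; the log format, event names and account names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit log; the event names and field layout are assumptions.
SAMPLE_LOG = """\
2013-07-01T02:10:00 ACCOUNT_CREATED actor=jsmith target=svc_tmp1
2013-07-01T02:14:00 PRIV_GRANTED actor=jsmith target=svc_tmp1
2013-07-01T03:40:00 PRIV_REVOKED actor=jsmith target=svc_tmp1
2013-07-01T03:41:00 ACCOUNT_DELETED actor=jsmith target=svc_tmp1
2013-07-01T03:45:00 LOG_CLEARED actor=jsmith target=db01
2013-07-02T09:00:00 ACCOUNT_CREATED actor=helpdesk target=newhire
2013-07-03T09:00:00 PRIV_GRANTED actor=dba_lead target=analyst2
2013-07-20T09:00:00 PRIV_REVOKED actor=dba_lead target=analyst2
""".splitlines()

# Opening event -> (closing event, finding reported when both fall inside the window)
PAIRS = {
    "ACCOUNT_CREATED": ("ACCOUNT_DELETED", "interim account"),
    "PRIV_GRANTED": ("PRIV_REVOKED", "temporary escalation"),
}
CLOSERS = {close: opener for opener, (close, _) in PAIRS.items()}

def parse(line):
    """Split one log line into (timestamp, event, actor, target)."""
    ts, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), event, kv["actor"], kv["target"]

def find_cover_tracks(lines, window=timedelta(hours=24)):
    """Return (finding, target, actor) tuples for the traces named in Step 7."""
    open_events, findings = {}, []
    for ts, event, actor, target in sorted(map(parse, lines)):
        if event == "LOG_CLEARED":
            findings.append(("log cleared", target, actor))
        elif event in PAIRS:
            open_events[(event, target)] = ts  # remember when it was opened
        elif event in CLOSERS:
            started = open_events.pop((CLOSERS[event], target), None)
            # Created/granted and then undone inside the window: suspicious.
            if started is not None and ts - started <= window:
                findings.append((PAIRS[CLOSERS[event]][1], target, actor))
    return findings

if __name__ == "__main__":
    for finding in find_cover_tracks(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Because Step 7 includes deleting log records, a check like this only helps when it runs over a copy of the audit trail stored somewhere the compromised account cannot modify.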

How To Protect Your Data From A Targeted Attack

There’s an irony at work here. The datacenter often contains the most sensitive and important information. But it often has the weakest security controls in place. If valuable data is in such high demand, an improved security stance should be, too.

If you’re interested in learning more about protecting your organization from malware and targeted attacks, download our SlideShare presentation.

