Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    May 2014
    S M T W T F S
    « Apr   Jun »
     123
    45678910
    11121314151617
    18192021222324
    25262728293031
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for May 19th, 2014




    Targeted attacks are known to use zero-day exploits. However, old vulnerabilities are still frequently exploited. In fact, based on cases analyzed in the second half of 2013, the most exploited vulnerability in this time frame was CVE-2012-0158, a Microsoft Office vulnerability that was patched in April 2012. This shows how important applying the latest patches and security updates are in mitigating the risks posed by these threats.

    Figure 1. Most commonly exploited vulnerabilities related to targeted attacks

    Targets

    Our findings (based on cases that we have analyzed) indicate that 80% of targeted attack-related incidents affect government institutions. This is followed by the IT sector (both hardware and software) and the financial services (banks).  In terms of countries affected, Taiwan and Japan are the two most hit by targeted attacks.

    In addition, we also monitor the locations of various IP addresses that accessed known C&C servers associated with targeted attacks. Our data show that Taiwan, Japan, and the United States were the most targeted countries.

    Figure 2. Countries with the most number of users who accessed C&C servers related to targeted attacks

    Tools of the Trade

    Nearly 60% of malware used in targeted attacks are Trojans or Trojan spyware. These types of malware steal user credentials that provide the gateway for threat actors to exploit other areas of a penetrated network. This is followed by backdoors (22%) employed to establish C&C communications and lead to the next stages of targeted attacks. It is also interesting to note that almost 10% of malware related to targeted attacks run only on 64-bit platforms.

    Figure 3. Non 64- and 64-bit malware distribution

    Spear phishing is still the most seen entry point for targeted attacks. These email messages use relevant-sounding subjects that trick users into opening it and the file attachments therein that serve as malware carriers.  In our 2014 prediction, we noted that mobile devices will also be leveraged by threat actors to gain entry to networks.

    Custom Defense against Targeted Attacks

    Although targeted attacks are difficult to detect, this task can be made easier with solutions that use advanced threat detection technology that can detect, analyze, and respond to attacks that traditional antivirus signature-based solutions and blacklisting are not capable of.

    Targeted attacks often leave traces that can serve as indicators of compromise. As such, enterprises and large organizations are encouraged to build their own threat intelligence capability, which they can incorporate into their own existing security solutions.

    For more details on the trends in targeted attacks in the second half of 2013, read the full report here.

     To get the latest news on targeted attacks, visit Threat Intelligence Resources – Targeted Attacks. 

     
    Posted in Targeted Attacks | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice