We recently wrote about the difference between cybercrime and a cyber war, which comes down to the attack’s intent. With the same intent of gaining information to use against targets, cybercriminals and attackers tend to place less importance on their choice of “tools”, as these campaigns are all about who carries out the attack. Ultimately, a simple equation can be drawn from these observations: a highly successful attack is composed of the attack’s intent and the right tools.
Our newest research paper, Cybercriminals Use What Works: Targeted Attack Methodologies for Cybercrime, sheds more light on why cybercriminals adopt certain targeted attack methodologies. The paper discusses two case studies that show how cybercriminals continuously learn to make the most of these attack methodologies in “traditional” cybercrime for better financial gain. For cybercriminals, the more financial gain they get, the better it is.
Case studies: “Arablab” and “Resume.doc”
The “arablab” case study deals with an attack exploiting the CVE-2010-3333 vulnerability using a maliciously crafted document. Based on the information we gathered, we believe the perpetrator named “arablab” may be residing in the United States and may have been part of a gang known for launching 419 scams.
The second case study, “Resume.doc”, shows how cybercriminals used specially crafted documents that executed malicious macros, an infection method that is far from advanced but works to the cybercriminals’ advantage. Most of the victims who accessed the (then) compromised site related to this attack were from the United States, Canada, and Great Britain.
As targeted attack methodologies have not changed much over the years, an onslaught of targeted attacks confirms that similar threats are becoming more prevalent. With that, we recognize that these methodologies are just as effective as they are prevalent. In the end, we can conclude that an attacker’s goals and game plans are based on, simply put, whatever works.
Read the full paper here: Cybercriminals Use What Works: Targeted Attack Methodologies for Cybercrime.