• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Security   »   Advanced targeted attacks: Practical Advice on Protecting your Business

Advanced targeted attacks: Practical Advice on Protecting your Business

  • Posted on:June 5, 2014
  • Posted in:Security
  • Posted by:
    Jon Clay (Global Threat Communications)
0

h

 

 

 

 

 

 

 

At Trend Micro, we’ve been protecting our customers against the latest breaking threats for over a quarter of a century. During that time, both the attacks and the people behind them have changed significantly. Today’s threat landscape is more complex and dangerous than ever before. Hacktivists are plotting to punish organizations with DDoS and data theft attacks; cyber criminals continue to try and find ways to steal customer data or sensitive Intellectual Property (IP); and state-sponsored actors have extended their remit well outside government and military targets.

Perhaps the most worrying development of all is the targeted attack.

The new normal

Targeted attacks are the new normal. Financially motivated gangs of hackers used to favor hiring botnets to fire out millions of phishing and malware-laden emails, with the aim of stealing users’ personal data or card info. However, better user awareness and a general improvement in personal and corporate information security over the years has begun to render these tactics less effective. Now the cyber gangs have switched to more insidious techniques which involve going after entire databases of records as well as high value IP, using the tools and techniques once mainly the preserve of state-sponsored actors. Financial, pharmaceutical, manufacturing, retail and public sector organizations are most at risk.

The idea with a targeted attack is to enter under the radar and stay hidden for as long as possible. Typically, a spear phishing email is targeted at specific members of an organization, with the aim of infiltrating the corporate network. Once inside, Remote Access Trojan (RAT) malware such as Poison Ivy or Xtreme RAT – both now readily available on the cyber criminal underground – will often be deployed. Once the malware finds what it’s looking for it might lie undiscovered for months or even years, exfiltrating data out to the attackers.

In our 2014 Predictions report, Trend Micro warned that more and more cyber criminals will use targeted attack methodologies this year to compromise machines and networks. They will use easy-to-craft malware”, usually exploiting known vulnerabilities, to launch small but effective campaigns which take advantage of an organization’s weakest link – its employees. Already this year Trend Micro has reported a major increase in attacks targeted at retailers’ Point of Sale (PoS) infrastructure.

The fight back begins

To help IT leaders and CISOs navigate these treacherous waters and help them protect their businesses from the damaging effects of these attacks, Trend Micro has launched a major new series of white papers. The Enterprise Fights Back consists of four major reports designed to offer best practical advice on how to secure network infrastructure; protect sensitive data against attack; build an incident response team; and develop effective threat intelligence.

We take the reader step-by-step through the mechanics of a typical targeted attack and offer tips on how best to disrupt the attack process via techniques such as network segmentation, log analysis and tighter access controls. The reports also detail how to build a data protection infrastructure to protect the organization’s “crown jewels,” from endpoint to cloud. Finally, we highlight the importance of company-wide collaboration to build an incident response team, and the use of tools like Trend Micro Deep Discovery to build vital local threat intelligence capabilities combined with the global threat intelligence offered by the Trend Micro™ Smart Protection Network™.

The bottom line is: targeted attacks are here to stay. The costs of a breach – from incident response and remediation to brand reputation, financial penalties and potential competitive disadvantage – are too big to ignore. So take a look at The Enterprise Fights Back today for some practical advice from our team of targeted attack experts.

Related posts:

  1. Spear Phishing and Advanced Targeted Attacks
  2. Business Process Compromise: The Next Step in Advanced Targeted Attacks
  3. Targeted Attacks and Advanced Threats: Why Senior Executives Need Your Help
  4. Survey Says: “What Business Leaders Need to Know about Targeted Attacks”

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.