By now, most IT administrators are aware that their networks and systems may require defenses against targeted attacks carried out by well-equipped, knowledgeable attackers. As companies prepare their plans for the upcoming year, some may ask: how does one develop a strategy to help defend against these attacks?
Earlier today, Japan’s Information Technology Promotion Agency (IPA) released a guide titled System Design Guide for Thwarting Targeted Email Attacks. The IPA is under the Ministry of Economy, Trade and Industry (METI) and is responsible for promoting information technology, including security best practices, in Japan.
This multipage document provides administrators with an in-depth strategy to help deal with these attacks. While implementation details are left to IT departments, the document provides ten separate steps that administrators can consider to help secure their networks.
In addition, the document does not consider only technical concerns: it is the work of malware analysts, security operations center (SOC) operators, researchers, forensics specialists, penetration testers, operations managers, and crisis managers. This multidisciplinary approach ensures that all aspects of a potential attack can be recognized and the appropriate countermeasures and defenses put in place.
One aspect of targeted attacks that is useful to understand is that the attackers have a clear goal in mind – i.e., to infiltrate the networks of the target and acquire information. By understanding their goals and their psychology, it becomes easier to understand the tactics of attackers. This makes it easier to defend against or detect their attacks, as well as to force attackers to make mistakes.
Representing Trend Micro, I was part of the group that created this document; our expertise in malware, threat intelligence, and targeted attacks was useful in crafting effective techniques against these new threats.
Many countries – including Japan – have had government agencies and companies within their borders face targeted attacks. The response to these attacks has frequently been full of difficulties and challenges, making the task of attackers easier. We believe that documents like this that allow organizations to respond in a reasoned, systematic manner are valuable in reducing the threat from targeted attacks.