Trend Micro
TrendLabs Security Intelligence Blog

Common Misconceptions IT Admins Have on Targeted Attacks

  • Posted on: July 16, 2014 at 4:05 am
  • Posted in: Targeted Attacks
  • Author:
    Spencer Hsieh (Threat Researcher)

In our efforts around addressing targeted attacks, we often work with IT administrators from different companies in dealing with threats against their network. During these collaborations, we’ve recognized certain misconceptions that IT administrators — or perhaps enterprises in general — have in terms of targeted attacks. I will cover some of them in this entry, and hope that it will enlighten IT administrators on how they should strategize against targeted attacks, also known as APTs.

A targeted attack is a one-time effort

Some IT administrators tend to think that targeted attacks are a one-time effort — that being able to detect and stop one run means the end of the attack itself. The truth, however, is that targeted attacks are also known as APTs because the term describes the attack well: advanced and persistent. The attacks are often well-planned and dynamic enough to adapt to changes within the target network. Being able to trace and block one attempt does not mean the threat has been eliminated. If anything, it can mean that several other attempts are going undetected, which raises the need for constant monitoring.

There is a one-size-fits-all solution against targeted attacks

The demand for a complete and effective solution against targeted attacks is quite high, but such a solution simply cannot exist, given the nature of targeted attacks. Attackers spend much time during reconnaissance to understand the target company — its IT environment and its security defenses — and IT admins need to adopt the same mentality in their security strategy. All networks are different, and this means that each one will need to be configured differently. IT admins need to fully understand their network and implement the defense measures that fit their environment.

Your company is not important enough to be attacked

Another big assumption that companies have when it comes to targeted attacks is that they are unlikely to be a target because they do not have important data in their systems. Unfortunately, the importance of certain data is relative to the intentions of whoever is trying to get hold of it. For example, an HR staff member may not see much value in the employment-history records of past applicants, but an attacker might find them useful as reference material for social engineering. As Raimund said in one of his videos earlier this year, enterprises need to identify their core data and protect it sufficiently.

Targeted attacks always involve zero-day vulnerabilities

It goes without saying that zero-day vulnerabilities pose a great risk to enterprises, and users in general. However, based on analysis of targeted attacks seen in the past, older vulnerabilities are used more frequently. In our Targeted Attack Trends report from the second half of 2013, the most exploited vulnerability was not only one that was discovered in 2012, but was also patched in the same year. This trend raises the importance of applying security updates to all systems within a network — a missed update for one system may be all it takes to compromise an entire network.

Targeted attacks are a malware problem

The last misconception I’ll discuss is quite tricky because it is partly true. IT admins are mostly concerned with having a solution that will prevent malware from getting into their network. Although it is a valid concern, focusing on malware will only solve part of the problem. Targeted attacks involve not only the endpoints, but the entire IT environment. For example, many tools involved in lateral movement are legitimate administration tools. If the solution is focused only on detecting malware, it will not be able to detect that malicious activity. IT admins need to consider solutions that cover all aspects of the network.
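To make the point concrete, here is an added example that is not part of the original post or of any Trend Micro product: a small Python script that runs two detection approaches over a constructed set of process-execution log lines. The log format, host names, user names, hashes, and the "remote admin tool" list are all assumptions made for the example. The hash-based check represents a malware-only solution and finds nothing, because every binary in the log is a legitimate administration tool; the behavioral check instead flags an account that drives remote-admin tools against several distinct hosts within a short window, which is the kind of activity a network-wide view can catch and an endpoint malware scan cannot.

```python
"""Malware-only vs. behavior-based detection over constructed process-execution logs."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample telemetry (not real data). Fields: timestamp, then key=value pairs.
# Every image here is a legitimate, signed administration or office binary.
SAMPLE_LOG = """\
2014-07-16T03:10:05Z host=WS-012 user=jdoe image=psexec.exe target=FS-01 sha256=aaaa0001
2014-07-16T03:11:40Z host=WS-012 user=jdoe image=psexec.exe target=DC-01 sha256=aaaa0001
2014-07-16T03:12:12Z host=WS-012 user=jdoe image=wmic.exe target=SQL-02 sha256=aaaa0002
2014-07-16T03:14:50Z host=WS-012 user=jdoe image=psexec.exe target=HR-SRV sha256=aaaa0001
2014-07-16T03:20:00Z host=ADMIN-01 user=itops image=psexec.exe target=FS-01 sha256=aaaa0001
2014-07-16T09:00:00Z host=ADMIN-01 user=itops image=wmic.exe target=SQL-02 sha256=aaaa0002
2014-07-16T09:05:00Z host=WS-044 user=asmith image=excel.exe target=- sha256=aaaa0003
"""

# Assumed lists for the example. In practice these come from the organization's own
# inventory of approved remote-administration tools and from threat-intel feeds.
REMOTE_ADMIN_TOOLS = {"psexec.exe", "wmic.exe"}
KNOWN_MALWARE_SHA256 = {"ffff9999"}  # constructed placeholder hash, matches nothing above


def parse_event(line):
    """Turn one constructed log line into a dict with a timezone-aware 'time' field."""
    ts, *kvs = line.split()
    event = dict(kv.split("=", 1) for kv in kvs)
    event["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event


def load_events(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def malware_only_detection(events):
    """What an endpoint malware scanner sees: only images whose hash is known-bad."""
    return [e for e in events if e["sha256"] in KNOWN_MALWARE_SHA256]


def lateral_movement_detection(events, window=timedelta(minutes=10), min_targets=3):
    """Flag a (host, user) pair that points remote-admin tools at >= min_targets
    distinct hosts inside one sliding time window, regardless of what the tool is."""
    per_actor = defaultdict(list)
    for e in events:
        if e["image"].lower() in REMOTE_ADMIN_TOOLS and e["target"] != "-":
            per_actor[(e["host"], e["user"])].append(e)

    alerts = []
    for (host, user), evs in per_actor.items():
        evs.sort(key=lambda e: e["time"])
        for i, start in enumerate(evs):
            # Distinct targets reached within `window` of this starting event.
            targets = {x["target"] for x in evs[i:] if x["time"] - start["time"] <= window}
            if len(targets) >= min_targets:
                alerts.append({
                    "host": host,
                    "user": user,
                    "first_seen": start["time"].isoformat(),
                    "targets": sorted(targets),
                })
                break  # one alert per actor is enough for triage
    return alerts


if __name__ == "__main__":
    evs = load_events(SAMPLE_LOG)
    print("malware-only hits:", malware_only_detection(evs))
    for alert in lateral_movement_detection(evs):
        print("lateral-movement alert:", alert)
```

The thresholds (a 10-minute window, three distinct targets) are starting points, not tuned values; a real deployment would baseline them against the organization's own administrators, such as the `itops` account above, which touches the same tools but never fans out quickly enough to trip the rule.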

For more details on various targeted attacks, as well as best practices for enterprises, you may visit our Threat Intelligence Resources on Targeted Attacks.

Tags: social engineering, targeted attacks, vulnerability, zero day, zero-day vulnerabilities

  • Copyright © Trend Micro Incorporated. All rights reserved.