Targeted Cyber-Attacks – Understanding the Crux!
The Internet is grappling with an enormous increase in targeted cyber-attacks, driven by the development of advanced malware and crimeware services that are used to conduct automated attacks on the fly. Cyber-attacks executed for nefarious purposes have caused huge losses to governments and organizations globally. Despite strong cyber-security regulations, attacks still persist and proliferate daily; we are facing a critical problem. A number of organizations, including RSA, Target, Home Depot, JP Morgan Chase and many others, have been hit by targeted cyber-attacks that resulted in severe monetary losses. A recent study by McAfee suggests that the losses generated by cyber-crime lie somewhere between $300 billion and $1 trillion. With targeted cyber-attacks now commonplace, threats to nations’ critical infrastructure are increasing rapidly.
Why Do These Attacks Persist?
Attackers launch targeted cyber-attacks to steal intellectual property, conduct cyber espionage, damage critical infrastructure and create uncertainty among users. A targeted cyber-attack against a nation’s critical infrastructure, such as its banking system, can have a devastating impact on the nation’s finances and economic structures. Attackers can achieve both tactical and strategic goals across the Internet without any physical intrusion. It is clear that targeted attacks provide a tactical advantage that can play a significant role in future cyber wars. The need of the hour is to build strong and robust defensive mechanisms to counter targeted cyber-attacks and to mitigate the accompanying losses.
Overall, targeted attacks are complex in nature because attackers have to invest a substantial amount of time in selecting targets, preparing attack models and discovering zero-day vulnerabilities (known but unpatched vulnerabilities can also be used). A well-designed cyber-attack acts as a parasite that leeches critical information from the target. The value of a targeted cyber-attack is directly proportional to its ability to persist and remain undetected in the target network. To succeed against network resilience and counter-strategies, targeted attacks chain multistage attack vectors into a cumulative attack model.
Model of Targeted Cyber-Attacks
Targeted cyber-attacks are carried out in a deliberate and well-planned manner over a period of time. A targeted attack can be dissected into five phases covering the tasks attackers perform for successful execution. The phases are:
Intelligence gathering is the art of collecting information about the targeted organization from the Internet and other publicly available resources.
Target infection consists of attacks such as spear phishing and watering-hole attacks, in which victims are lured into opening malicious emails or visiting compromised websites, respectively, so that malware is downloaded onto their end-user systems.
System exploitation covers the stealthy techniques built into the malware to subvert the integrity and functionality of compromised systems, including the applications running on them.
Data exfiltration covers how data is stolen from the infected system and exfiltrated to remote servers operated by the attackers in various geographical locations around the world.
Maintaining control covers how the malware persists on the infected system so that the targeted attack remains active over a period of time and data can be exfiltrated on a regular basis.
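The point of the phase model for a defender is that a targeted attack leaves traces in several phases, and that a host which has progressed through more than one of them is far more interesting than any single alert. The script below is an added example, not code from the article or from the book it promotes: it parses a small set of constructed endpoint and proxy events, tags each with the phase it belongs to (target infection, system exploitation, data exfiltration, maintaining control), adds a beacon check for the maintaining-control phase, and flags hosts whose activity spans several phases. The log format, field names, thresholds and tagging heuristics are all assumptions for illustration; real mail-gateway, EDR and proxy telemetry would be mapped the same way.

```python
"""Correlate events across the phases of a targeted attack (illustrative)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Phases from the article's model that leave host or network telemetry.
# Intelligence gathering happens outside the victim network, so it is not tagged.
PHASES = ["infection", "exploitation", "exfiltration", "control"]

# Constructed sample telemetry: "timestamp host kind key=value ...".
# ws17 opens a malicious document, spawns PowerShell from Word, sets a Run key,
# beacons every five minutes and later pushes 50 MB out. ws22 is benign.
SAMPLE_LOG = r"""
2024-05-01T09:00:12 ws17 mail attachment=invoice.doc action=opened
2024-05-01T09:00:40 ws17 proc parent=winword.exe image=powershell.exe
2024-05-01T09:02:00 ws17 reg key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd value=C:\Users\a\upd.exe
2024-05-01T09:05:00 ws17 net dst=203.0.113.7 bytes_out=812
2024-05-01T09:10:00 ws17 net dst=203.0.113.7 bytes_out=790
2024-05-01T09:15:00 ws17 net dst=203.0.113.7 bytes_out=801
2024-05-01T09:20:00 ws17 net dst=203.0.113.7 bytes_out=795
2024-05-01T09:25:00 ws17 net dst=203.0.113.7 bytes_out=805
2024-05-01T11:30:00 ws17 net dst=203.0.113.7 bytes_out=52428800
2024-05-01T09:01:00 ws22 mail attachment=agenda.pdf action=opened
2024-05-01T09:03:00 ws22 net dst=198.51.100.9 bytes_out=1200
2024-05-01T10:15:00 ws22 net dst=198.51.100.9 bytes_out=3400
""".strip()

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
RISKY_EXTENSIONS = {"doc", "xls", "scr", "js", "hta"}
EXFIL_BYTES = 10 * 1024 * 1024  # assumed threshold for a suspicious single upload


def parse(log):
    """Turn the constructed log lines into event dicts."""
    events = []
    for line in log.splitlines():
        ts, host, kind, *kv = line.split()
        fields = dict(item.split("=", 1) for item in kv)
        events.append({"ts": datetime.fromisoformat(ts), "host": host, "kind": kind, **fields})
    return events


def tag(ev):
    """Map a single event to a phase of the model, or None if it is unremarkable."""
    if ev["kind"] == "mail" and ev.get("action") == "opened":
        if ev.get("attachment", "").rsplit(".", 1)[-1].lower() in RISKY_EXTENSIONS:
            return "infection"
    if ev["kind"] == "proc" and ev.get("parent", "").lower() in OFFICE_PARENTS:
        return "exploitation"          # document viewer spawning a child process
    if ev["kind"] == "reg" and "\\run\\" in ev.get("key", "").lower():
        return "control"               # autostart persistence
    if ev["kind"] == "net" and int(ev.get("bytes_out", 0)) >= EXFIL_BYTES:
        return "exfiltration"
    return None


def beacons(events, min_count=5, max_cv=0.1):
    """Return {(host, dst): first_ts} for small outbound connections that recur at
    a near-fixed interval (coefficient of variation of the gaps <= max_cv)."""
    by_pair = defaultdict(list)
    for ev in events:
        if ev["kind"] == "net" and int(ev.get("bytes_out", 0)) < EXFIL_BYTES:
            by_pair[(ev["host"], ev["dst"])].append(ev["ts"])
    found = {}
    for pair, times in by_pair.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_count and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            found[pair] = times[0]
    return found


def assess(events, min_phases=3):
    """Per host: phases seen in chronological order of first sighting, and whether
    enough of them are present to call it a multistage (cumulative) attack."""
    first = {ev["host"]: {} for ev in events}
    for ev in events:
        phase = tag(ev)
        if phase and (phase not in first[ev["host"]] or ev["ts"] < first[ev["host"]][phase]):
            first[ev["host"]][phase] = ev["ts"]
    for (host, _dst), ts in beacons(events).items():
        if "control" not in first[host] or ts < first[host]["control"]:
            first[host]["control"] = ts
    report = {}
    for host, seen in first.items():
        ordered = [p for p, _ in sorted(seen.items(), key=lambda item: item[1])]
        report[host] = {"phases": ordered, "multistage": len(ordered) >= min_phases}
    return report


if __name__ == "__main__":
    for host, verdict in assess(parse(SAMPLE_LOG)).items():
        print(host, verdict)
```

The beacon test is deliberately simple (a low coefficient of variation across at least five connections); real command-and-control channels add jitter and blend into legitimate traffic, which is exactly why the article stresses that an attack's value lies in staying undetected. The useful output is not any one tag but the ordered phase list per host: a host that shows infection, exploitation and persistence within minutes warrants response even before a large upload is observed.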
Collaboration among industry, government and academia has become imperative to design security defenses and build road maps to fight the cybercrime that targeted cyber-attacks produce. Research into robust security defenses in the field of computer and network security is therefore crucial to detect and prevent targeted cyber-attacks before actual damage is done.
Aditya is the co-author of Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware. Get your very own copy of his book on the Elsevier Store at a 30% discount! Just use discount code “STC3014” at checkout.
Aditya K Sood (Ph.D.) is a senior security researcher and consultant. Dr. Sood’s research interests include malware automation and analysis, application security, secure software design and cybercrime. He has worked on a number of penetration-testing projects specializing in product/appliance security, networks, mobile and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He is also the founder of SecNiche Security Labs, an independent web portal for sharing research with the security community.
He has authored several papers for magazines and journals including IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin, USENIX and others. His work has been featured in media outlets including the Associated Press, Fox News, The Guardian, Business Insider, CBC and others. He is an active speaker at industry conferences and has presented at Black Hat, DEF CON, Hack In The Box, RSA, Virus Bulletin, OWASP and many others. Dr. Sood obtained his Ph.D. in Computer Science from Michigan State University. You can follow him on Twitter: @AdityaKSood
Securing computer systems is crucial in our increasingly interconnected electronic world. With so many business, consumer, and governmental processes occurring online, there is a growing potential for unauthorized access to, alteration of, or destruction of those processes. For years, Elsevier’s Syngress imprint has helped computer and information security professionals learn theory, strategy, and tactics for protecting digital assets in this constantly evolving field. Our books and eBooks cover areas such as information security, digital forensics, hacking and penetration testing, certification, and IT security and administration. Companion materials and instructor’s resources for all our books are available from the Elsevier Store: search by author, title or ISBN, then look for the “Resources” tab on any book page.