Targeted threats are a class of malware destined for one specific organization or industry. A type of crimeware, these threats are of particular concern because they are designed to capture sensitive information. Targeted attacks may include threats delivered via SMTP e-mail, port attacks, zero-day vulnerability exploits or phishing messages. Government organisations are the most targeted sector.[1] Financial industries are the second most targeted sector, most likely because cybercriminals desire to profit from the confidential, sensitive information the financial industry IT infrastructure houses.[2] Similarly, online brokerage accounts have also been targeted by such attacks.[3]
Impact
The impact of targeted attacks can be far-reaching. In addition to regulatory sanctions imposed by HIPAA, Sarbanes-Oxley, the Gramm-Leach-Bliley Act and other laws, they can lead to the loss of revenue, focus and corporate momentum. They not only expose sensitive customer data, but also damage corporate reputations and incur potential lawsuits.[4]
Detection and prevention
In contrast to a widespread spam attack, which is widely noticed, targeted attacks are sent to only a limited number of organizations, so these crimeware threats tend not to be reported and thus elude malware scanners.[5]
The Hotword Trojan, the Ginwui and the PPDropper Trojans are additional examples of Trojans used for corporate espionage.[7]
Targeted destination attacks use harvested IP addresses to send messages directly to recipients without an MX record lookup. They aim for specific sites and users by defeating hosted protection services and internal gateways to deliver e-mail with malicious payloads.[8]
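A defender-side check for the bypass described above, as an added example that is not taken from the cited sources: it flags inbound SMTP connections that reached the internal mail server from an address outside the hosted protection service's egress ranges. The log format, the network ranges and every address below are constructed assumptions.

```python
import ipaddress

# Assumption: egress ranges of the hosted filtering service (documentation-range placeholders).
FILTER_EGRESS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of inbound SMTP connection log lines: "timestamp client_ip recipient"
SAMPLE_LOG = """\
2006-09-01T10:00:01Z 192.0.2.15 alice@example.org
2006-09-01T10:00:09Z 203.0.113.77 cfo@example.org
2006-09-01T10:01:30Z 198.51.100.20 bob@example.org
2006-09-01T10:02:02Z 198.51.100.200 cfo@example.org
not-a-valid-line
"""

def parse_line(line):
    """Return (timestamp, ip, recipient), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    ts, ip, rcpt = parts
    try:
        return ts, ipaddress.ip_address(ip), rcpt
    except ValueError:
        return None

def came_through_filter(ip, allowed=FILTER_EGRESS):
    """True if the connecting address belongs to the hosted filter's egress ranges."""
    return any(ip in net for net in allowed)

def find_direct_deliveries(log_text, allowed=FILTER_EGRESS):
    """List connections that skipped the MX-designated filter and hit the server directly."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not treated as clean
        ts, ip, rcpt = rec
        if not came_through_filter(ip, allowed):
            findings.append((ts, str(ip), rcpt))
    return findings

def recipients_targeted(findings):
    """Count direct deliveries per recipient to show who is being singled out."""
    counts = {}
    for _, _, rcpt in findings:
        counts[rcpt] = counts.get(rcpt, 0) + 1
    return counts

if __name__ == "__main__":
    for f in find_direct_deliveries(SAMPLE_LOG):
        print("direct-to-IP delivery bypassing hosted filter:", *f)
```

The same allowlist, enforced at the firewall or in the mail server's connection rules, turns this detection into prevention by refusing SMTP from any source other than the filtering service.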
Symantec Corp., Symantec Internet Security Threat Report, Vol X, Sep. 2006, p. 4.
Avinti, Inc. "Targeted Destination Attacks." Sep. 2005.
"Archived copy" (PDF). Archived from the original (PDF) on 2012-02-15. Retrieved 2006-11-28.