Source: Trend Micro website.
With Trend Micro’s 2015 security predictions expecting targeted attack campaigns in APAC to increase in size and scale, 2015 may very well become the year where targeted attacks come of age.
According to the report, spear-phishing emails are still the most common infection vector for infiltrating networks, with almost 80% of the targeted attack malware arriving via email. Typically sent to employees in target organisations, spear-phishing emails convince recipients to either click a malicious link or download and execute a malicious file.
Some of the most common email attachments used to deliver payloads include Microsoft Office documents (57%) and RAR files (19%), as they commonly change hands in any organisation. Another method used to infiltrate target networks is compromising the websites that employees commonly visit. When their target employees visit these compromised sites, their systems get infected.
Zero-day* as well as tried-and-tested exploits both figured in the targeted attack landscape. This worked as some IT administrators in the region skipped applying security fixes to their networks to avoid disrupting critical business operations. A zero-day vulnerability caused by Windows XP’s end of life in April 2014 was exploited in a targeted attack against embassies earlier this year. Threat actors favoured Microsoft Office (53%) and Adobe Reader (46%) as the most common software vulnerability exploitation targets.
Most of the malware used in targeted attacks was trojans or trojan spyware (53%), followed by backdoors (46%). Backdoors typically aid in establishing command and control (C&C) communications and executing remote commands, while trojans and trojan spyware aid in downloading the final malicious payload and stealing data.
Some of the notable campaigns for 1H 2014 included:
· Siesta – a campaign so named for its final payload’s ability to receive sleep commands, which allowed it to stay dormant for various periods of time and in turn evade detection. Threat actors behind the campaign sent emails containing legitimate-looking links to chosen executives in specific organisations, using fake email addresses of supposed colleagues.
· ESILE – a campaign targeting APAC government institutions. ESILE was delivered via spear-phishing emails with varying social engineering lures that had to do with health care and taxes, among others. The emails contained a seemingly harmless document that, when opened, executes a malicious file in the background.
Other APAC targeted attack campaigns that were still actively running in 1H 2014 include IXESHE, PLEAD, ANTIFULAI, and Taidoor.
“The efficacy of targeted attacks this year so far indicates that organisations still struggle to understand targeted attacks. One possible misconception is that targeted attacks are one-time efforts, whilst in reality they are well-planned and can be launched several times until they successfully compromise intended network targets,” said Dhanya Thakkar, Managing Director, APAC, Trend Micro. “To fight back, organisations today need a custom defense strategy which uses advanced threat detection technologies and shared intelligence to detect, analyse, and respond to attacks that are invisible to standard security products.”
Source: Trend Micro. Japanese word processing software Ichitaro is a distant third in terms of software targeting.
*A zero-day hacking attack makes use of a recently-announced bug which developers have not patched yet.