A targeted attack refers to a type of threat in which threat actors actively pursue and compromise a target entity’s infrastructure while maintaining anonymity. These attackers have a certain level of expertise and have sufficient resources to conduct their schemes over a long-term period. They can adapt, adjust, or improve their attacks to counter their victim’s defenses.
 
 
 
Targeted attacks often employ similar methods found in traditional online threats such as malicious emails, compromised or malicious sites, exploits, and malware. Targeted attacks differ from traditional online threats in many ways:
  • Targeted attacks are typically conducted as campaigns. APTs (advanced persistent threats) are often conducted in campaigns, a series of failed and successful attempts over time to get deeper and deeper into a target’s network, and are thus not isolated incidents.
  • They usually target specific sectors such as businesses, government agencies, or political groups. Attackers often have long-term goals in mind, with motives that include, but are not limited to, political gain, monetary profit, or business data theft.
  • Attackers often customize, modify and improve their methods depending on the nature of their target sector and to circumvent any security measures implemented.
These attacks usually take longer to plan and execute. They make use of a variety of tools, some of which are not used in typical malware attacks. While some attacks make use of off-the-shelf remote access tools (RATs), highly targeted attacks are designed for a specific purpose, target a specific entity, and aim to achieve longevity within a compromised system and/or network in order to steal pertinent information and/or monitor affected users' activities over time.

How are highly targeted attacks typically conducted?

Staging such attacks involves detailed reconnaissance work to gather information and to identify weaknesses in a particular target’s systems and infrastructure. To do this, attackers will hunt down all types of information, including data found on the target’s website, social networking accounts, publicly available documents, published accounts, and so on.
 
This information will help them identify who or what to target in order to gain entry. The information they gather includes employees’ names and their personal details (e.g., email addresses, social networking profiles, etc.) as well as the company’s IT policies, preferred OS, applications, software, and network structure.
 
After the target has been successfully tricked into executing the malware, the malware connects to the attackers' command-and-control (C&C) servers, which allows it to be used for information theft. Once a targeted system has been compromised, it is difficult to discover the existence of the malware.
 
 

This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...

She is so passionate about the cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about cybersecurity on the website and on social media platforms.

34,000+ professionals follow her on Facebook and are mesmerized by the quality of her posts there.
