• No results found

43% Figure 1: Targeted Attack Campaign Diagram

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "43% Figure 1: Targeted Attack Campaign Diagram"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

TrendLabs

(2)

2 | TrendLabs Security in Context Paper

Data exfiltration is the final stage of a targeted attack campaign where threat actors steal valuable corporate information while remaining undetected.

1

Threat actors use a variety of legitimate and malicious tools to extract specific information and mimic normal network traffic. For instance, the EvilGrab malware, which is related to a targeted attack campaign, uses a Windows filter to grab audio and video files.

2

Other techniques include using backdoor malware to upload gathered files, file transfer protocol (FTP) to transfer files without consent, and WMI (Windows Management Instrumentation) to monitor and capture recently opened files, and web applications to open browsers.

Figure 1: Targeted Attack Campaign Diagram

Preventing the exposure of confidential information is a top challenge for most (71%) enterprises.

3

Given the introduction of the mobile platform and the sophistication of targeted attacks, enterprises need to step up to protect its intellectual property, trade secrets, and other sensitive information.

1Trend Micro Incorporated. A TrendLabs Security in Context Paper. “Data Exfiltration: How Do Threat Actors Steal Your Data?” Last updated on: September 2013. Accessed on: November 2013.

http://about-threats.trendmicro.com/cloud-content/us/ent- primers/pdf/how_do_threat_actors_steal_your_data.pdf

2 Trend Micro Incorporated. A TrendLabs Report. “2Q Report on Targeted Attack Campaigns”. Last updated on: July 2013. Accessed on: November 2013. http://about-threats.trendmicro.com/cloud- content/us/ent-primers/pdf/2q-report-on-targeted-attack-campaigns.pdf

3International Data Corporation. An IDC Infographic Sponsored by Trend Micro. “Keeping Corporate Data Safe”. Last updated on: 2013. Accessed on: November 2013.

http://apac.trendmicro.com/apac/enterprise/security-suite-solutions/esdp-suite/infographic/index.html

43%

of most serious

threats to the

company’s

enterprise IT

infrastructure are

from external

sources.

(3)

Figure 2: Potential Data Threats in an Enterprise Network

Data breach and data loss are the most obvious outcomes of a successful targeted attack. However, the following shows real-world consequences that come right after:

These include all the monetary costs and resources needed for a company to gauge the amount of damage, find the nature of data stolen, and track all possible traces of the attack.

These involve fines incurred by organizations following strict regulations, as those running industrial control systems (ICS).

This is the amount that organizations already invested into intangible assets such as research and development advances and trade secrets, the theft of which can decrease their competitive advantage.

Data theft from a trusted organization can easily translate to

decrease in confidence from the industry it belongs.

(4)

4 | TrendLabs Security in Context Paper

Detecting targeted attacks at the data exfiltration stage is very challenging for enterprises. We recommend that enterprises assume compromise, enforce preventive measures, and use an airtight custom defense strategy that can detect threats in real time. We have stressed that securing the network infrastructure is the first step in the fight against targeted attacks.

4

This time, we present these key points as the next vital step: protecting valuable data

5

:

Every department or business unit should classify the crown jewels, the release of which can negatively affect an organization, from normal day-to-day documentation. These include government information, scientific research, and pharmaceutical formulas. Sharing and downloading them must require privileged access. They can be spread across the network to prevent threat actors from getting the whole information.

PCs, mobile devices, and removable devices should be secured by encrypting files, disk, and removable media.

Identity-based encryption solutions can be used to protect emails. Data should also be encrypted when using cloud applications, public or private cloud infrastructure, and virtual environments.

A protected infrastructure requires multi-tiered access, where top-level information pieces are in a disconnected network, second-level ones require a special two-factor authentication process, while third-level ones are on regular file servers.

4Trend Micro Incorporated. A TrendLabs Security in Context Paper. “Securing Your Network Infrastructure Against Targeted Attacks”. Last updated on: 2013. Accessed on: November

2013.http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/the-enterprise-fights-back- p01.pdf

5Trend Micro Incorporated. A Trend Micro Research Paper. “Suggestions to Help Companies with the Fight Against Targeted Attacks”. Last updated on: 2013. Accessed on: November 2013.

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-suggestions- to-help-companies-with-the-fight-against-targeted-attacks.pdf

(5)

Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Our innovative security solutions for consumers, businesses and governments protect information on mobile devices, endpoints, gateways, servers and the cloud.

For more information, visit www.trendmicro.com

©2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend TREND MICRO LEGAL DISCLAIMER

The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice.

Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes.

Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an “as is” condition.

References

Download now ( PDF - 5 Page - 592.11 KB )

Related documents

Disruptive Innovation Within the Legal Services Ecosystem

Data were analyzed using Miles, Huberman, and Saldana’s data analysis method, resulting in 4 themes: recognizing the legal ecosystem and legal firms are open systems,

Fresno CERP Measure Tracker

4 community meetings 1 targeted social media campaign 4 community spaces for posted AQ info 1 targeted social media campaign 1 targ eted socia l medi a cam paig n 1

AFCAT Solved Papers 1 - 2011

And wisdom in this crisis means sensitiveness to the basic values of life; it means a vivid realization that we are literally living in one world where we must either

Quick Notes of Importance (read on for more details of what is required for each form)

The appraiser shall make sure all the sales are clearly the same H&B Use as the subject, clearly convey how any additional land (for the subject and/or sales) is

POLICY DOCUMENT & APPLICATION FORM

I declare that I and all other persons covered by this proposal are not receiving or expecting to receive a consultation or treatment and have not attended a hospital or received

Two Google Advertising Tactics You Aren t Using

Create “Audience” List of Visitors Remarking Campaign Within a Campaign Targeted AdWords Search Campaigns Targeted Google Display Network Ads... Google Remarketing

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Threat Actors Firewall IDS/IPS AntiVirus Logs Blocked Session Blocked Session Blocked Session Alert Endpoint Visibility Corporate Assets. Now, successful ATTACK CAMPAIGNS

SAPinsider Electronic Lead Generation Services Turnkey Webinars Targeted Asset Push List Rental

SAPinsider Targeted Asset Push Service Campaign Deliverables — Promotion.. © 2014 Wellesley