Author: Trend Micro
Most of what this industry has learned about targeted attacks has been learned the hard way: through analysis of successful attacks. What we have learned so far only shows how unfamiliar we are with the current "battlefield", and how that unfamiliarity leaves the industry unable to understand what we need to do in the face of such attacks. But why? Are attackers really that good? Unfortunately, the answer is yes.
Understanding targeted attacks: What are we really fighting against?
Unfair advantages of attackers
Simply put, attackers have a higher level of control and more abundant resources. They decide the nature of a threat: how and when to launch an attack. They can use many tools found on the network, including legitimate network services. More importantly, they can gather intelligence on the object of the targeted attack: they can study the target and search for data, making intrusion easier and almost impossible to detect.
While attackers can take advantage of this flexibility, their targets face many restrictions and are unable to manage themselves. With the rise of consumerization and mobile computing, it is difficult for companies to determine the scope of their network, let alone protect it. What they can do is make full use of available policies to control the network, and educate and train employees.
False sense of control
For those of us responsible for protection, the most dangerous thing is to assume that we understand how attackers carry out attacks. The truth is that we don't really know how attacks happen. In particular, with information sharing so prevalent, it is almost impossible to know how much information an attacker can obtain about a specific target and what information can be used for attacks.
Therefore, it always makes me angry when I hear that targeted attacks are always carried out by email. This will mislead users and help information security defenders. Email may be used as the vehicle for reaching victims in some attacks, but attacks do not always need to start there. As I said earlier, attackers determine the nature of attacks. The strategies they adopt are usually determined by the results of reconnaissance on the target. An attack's effectiveness depends on how familiar the attackers are with the target, because they understand the target's behavior and weaknesses, whether digital or physical. Attackers may actually go to the target's home, which produces the same or even greater results than a digital attack.
What can we do?
In view of this, when faced with targeted attacks, are we just fighting a war we have no chance of winning? I don't think so. Attackers have a great deal of control, which is terrible, but realizing this is already a big step forward. We need to fully understand what the real confrontation is and how much control needs to be taken from them. But how can we achieve this? I will discuss this more in the future.
http://www.trendmicro.com.cn/apt/
Original source: Understanding Targeted Attacks: What Are We Really Up Against?