Targeted attacks: Trend Micro report

Targeted attacks aim at secretly stealing data from the company's systems. In the near future, threats of this type will become more frequent and more sophisticated, striking small, medium and large organizations - that is why knowledge of methods used by cybercriminals is so important. Trend Micro publishes a summary report of targeted attacks in 2014.

Every day, we prefer to believe that unfortunate accidents meet someone else, not us. Unfortunately, when it comes to targeted attacks targeted at enterprises, the realistic question is not "if?", But "when?" We will become their victim.

"The scale of the problem may indicate that recently the Polish Financial Supervision Authority issued a warning on the basis of the opinion of the Internal Security Agency about possible attacks on ICT infrastructure in the near future" - says Michał Jarski, Sales Director for Central and Eastern Europe. "For companies and institutions that are not adequately prepared, the effects of a targeted attack may prove disastrous. When data leakage occurs, organizations lose their valuable resources, their reputation also suffers. Despite the changes that are observed in the landscape of targeted attacks year by year, one thing is certain - enterprises must implement more effective strategies that will enable them to detect possible threats and protect valuable resources from falling into the wrong hands "- adds Michał Jarski.

The reality of threats of this type is confirmed by independent institutions such as CERT.GOV.PL, describing the explicit, current activity of spy campaigns named EnergeticBear, DragonFly, or SandWorm directed against government institutions and companies from the energy sector in Poland.

Targeted attack

A targeted attack (or APT attack) consists of six steps: gathering information, determining the entry point, communication with C & C servers, horizontal movement and propagation in the network, detecting resources, data theft. Cybercriminals use different methods, including social engineering, all to obtain information.

A team of researchers from Trend Micro has published a summary report of APT attacks that took place last year. The report includes information from Trend Command servers monitored by Trend Micro. The most important conclusions from the report:

  • Due to the specific nature of targeted attacks, the detection of their perpetrators is very difficult, as cybercriminals have set themselves the goal of not leaving traces within the attacked network. However, regardless of who is behind the attack of this type, all are aimed at collecting and secretly stealing confidential data.
  • The solutions used by the companies in many cases were not able to stop the cybercriminals. Universally recognized as safer Apple devices were also targeted and could be used for network infiltration and subsequent spying.
  • In 2014, new methods were used by cybercriminals who, apart from zero-day vulnerabilities, also used legal tools provided by operating system manufacturers such as Windows PowerShell or cloud storage platforms, eg Dropbox.
  • Targeted attacks remain a global problem. Based on the examples monitored by Trend Micro in 2014, experts stated that the main countries in which C & C servers were located were Australia, Brazil, China, Egypt and Germany. The United States, Russia and China were no longer the target of cybercriminals - communication with C & C servers was conducted from many countries.
  • In 2014, we had to deal with both political and only financially motivated attacks. An example of the first type of attack is the Pawn Storm operation. Cybercriminals taking part in this attack carried out an extensive action aimed at political espionage. The target was military organizations, diplomatic missions, defense agencies and media in the United States and in countries that are allies of the United States. The attacks were also aimed at the employees of the Polish government.

The Targeted Attacks Campaigns and Trends report: 2014 Annual Report is available here:

source: Trend Micro

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.